Security Testing Hands-on Training for Web Application :: Trainer has 10+ Years of Experience and is Certified in internationally renowned CISSP and CISA Certifications besides CEH.

Hello Everyone,

We are providing Security Testing Hands-on Training for Web Applications. The following are the highlights of the training:

  • The trainer is a passionate cyber security professional with 10+ years of experience in information security testing.
  • He has worked across various MNCs.
  • He is one of the few security professionals who hold the internationally renowned CISSP and CISA certifications besides CEH.
  • No prerequisites are required for this training.
  • This course is appropriate for software development and testing professionals who want to begin doing security testing as part of their assurance activities.
  • Practical hands-on training will be provided using various security testing tools by a real-time expert.
  • This is a beginner-to-advanced course on Web Application Security Testing (Penetration Testing).
  • Assignments/tasks will be provided to build your confidence.
  • Don't wait, just make a move and utilize this precious opportunity of Security Testing.
  • Security testers are in great demand and are getting good packages in the market.
  • Be an all-rounder, instead of just sticking to normal manual and automation testing skills.

Enroll here: Click on the below link to enroll into this demo session:

Click here to Enroll for the Demo Session

Note: If you have any questions, you can reach me using the below details:

  • Email
  • Phone/WhatsApp Number: +91 - 9908895533 (India)
  • LinkedIn Profile: Click here to Connect
  • Skype ID: arun.motoori

The following are the Online Training details:

  • Start Date: 24th April 2018
  • Time: 6:30 AM IST to 8 AM IST (Indian Standard Time)
  • Training Duration: 2 Weeks
  • Session Duration: One and a half hours (Daily)
  • Training Type: Online Training
  • Training Cost: Rs 15000 ($230)

Training Contents:

Web Application Security Testing (Hands-on Training)
  • Introduction to Security Testing and its importance
  • Basic concepts of Security Testing
      ✓ CIA Triad
      ✓ HTTP Methods
      ✓ HTTP Response Codes
      ✓ HTTP Headers
      ✓ Cookie vs. Session
      ✓ Cryptography: Encryption, Encoding, Hashing
      ✓ Symmetric key algorithm
      ✓ Asymmetric key algorithm
      ✓ Input Validation
      ✓ Output Encoding
      ✓ Blacklist Validation
      ✓ Whitelist Validation
      ✓ Client-Side Validation
      ✓ Server-Side Validation

  • SDLC and Threat Modelling
  • Security Testing Process/Methodology
  • SSL Handshaking Process
  • SSL vs. TLS
  • SSL/TLS Version
  • OWASP 2013-2017 Vulnerabilities
      ✓ SQL Injection
      ✓ Cross Site Scripting
      ✓ Cross Site Request Forgery
      ✓ Insecure Direct Object Reference
      ✓ Failure to Restrict URL Access
      ✓ Security Misconfiguration
      ✓ Unvalidated Redirects and Forwards
      ✓ Broken Authentication and Session Management
      ✓ Using Components with Known Vulnerabilities
      ✓ Sensitive Data Exposure
      ✓ XML External Entity
      ✓ Insecure Logging and Storage
      ✓ Insecure Communication
      ✓ Vulnerable SSL/TLS Versions

  • Authentication related tests
      ✓ Credentials transport over an encrypted channel/Insecure Communication
      ✓ Testing for user enumeration
      ✓ Default or guessable (dictionary) user account
      ✓ Testing for Brute Force
      ✓ Testing for bypassing authentication schema
      ✓ Testing for vulnerable remember password and password reset
      ✓ Testing for Logout and Browser Cache Management
      ✓ Testing for CAPTCHA
      ✓ Insufficient Password Policy
      ✓ Insufficient Password Change Policy
      ✓ Password Stored in Plain Text
      ✓ Password History

  • Authorization related tests
      ✓ Path Traversals
      ✓ Bypassing Authorization schema
      ✓ Privilege Escalation

  • Session Management Testing
      ✓ Session Hijacking
      ✓ Session Fixation
      ✓ Session Timeout
      ✓ Session Replay
      ✓ Session Invalidation
      ✓ Exposed Session Variables

  • Configuration related tests
      ✓ Missing HttpOnly and Secure Flags
      ✓ Clickjacking
      ✓ HTTP Strict Transport Security Header
      ✓ Unsafe CORS Policy (HTML5)
      ✓ Cookie Scoped to Parent Domain
      ✓ Improper Error Message

  • Malicious File Upload
  • Introduction to various Vulnerability Scanners
  • Scanning application using BurpSuite and False Positive elimination
  • Bypassing Client-Side Validations
  • Risk Rating and Report preparation

All the above contents will be explained in a practical manner. If you are interested in this course, enroll below:

Enroll here: Click on the below link to enroll into the demo session:
Arun Motoori

