We are providing Security Testing Hands-on Training for Web Applications. The following are the highlights of the training:
- Trainer is a Passionate Cyber Security Professional having 10 Plus years of experience in information security testing
- Worked across various MNCs
- He is one of the few security professionals who hold the internationally renowned CISSP and CISA certifications besides CEH.
- No pre-requisites required for this Training.
- This course is appropriate for software development and testing professionals who want to begin doing security testing as part of their assurance activities.
- Practical Hands-on training will be provided using various Security Testing Tools by a real time expert.
- This is a beginner-to-advanced course on Web Application Security Testing (Penetration Testing)
- Assignment/Tasks will be provided to build your confidence.
- Don't wait, just make a move and utilize this precious opportunity of Security Testing
- Security Testers are in great demand and getting good packages in the market.
- Be an all-rounder, instead of just sticking to normal Manual and Automation Testing skills.
Enroll here: Click on the below link to enroll into this demo session:
Click here to Enroll for the Demo Session
Note: If you have any questions, you can reach me using the below details:
- Email address: arun.motoori@gmail.com
- Phone/Whatsapp Number: +91 - 9908895533 (India)
- LinkedIn Profile: Click here to Connect
- Skype ID: arun.motoori
- Start Date: 24th April 2018
- Time: 6:30 AM IST to 8 AM IST (Indian Standard Time)
- Training Duration: 2 Weeks
- Session Duration: One and a half hours (Daily)
- Training Type: Online Training
- Training Cost: Rs 15000 ($230)
Training Contents:
Web Application Security Testing (Hands-on Training)
- Introduction to Security Testing and its importance
- Basic concepts of Security Testing
  - CIA Triad
  - HTTP Methods
  - HTTP Response Codes
  - HTTP Headers
  - Cookie vs Session
  - Cryptography: Encryption, Encoding, Hashing
  - Symmetric key algorithm
  - Asymmetric key algorithm
  - Input Validation
  - Output Encoding
  - Blacklist Validation
  - Whitelist Validation
  - Client-Side Validation
  - Server-Side Validation
- SDLC and Threat Modelling
- Security Testing process/Methodology
- SSL Handshaking Process
- SSL VS TLS
- SSL/TLS Version
- OWASP 2013-2017 Vulnerabilities
  - SQL Injection
  - Cross Site Scripting
  - Cross Site Request Forgery
  - Insecure Direct Object Reference
  - Failure to restrict URL Access
  - Security Misconfiguration
  - Unvalidated redirects and forwards
  - Broken Authentication and session management
  - Using components with known vulnerabilities
  - Sensitive data exposure
  - XML External Entity
  - Insecure Logging and Storage
  - Insecure Communication
  - Vulnerable SSL/TLS Versions
- Authentication related tests
  - Credentials transport over an encrypted channel/Insecure Communication
  - Testing for user enumeration
  - Default or guessable (dictionary) user account
  - Testing for Brute Force
  - Testing for Bypassing authentication schema
  - Testing for Vulnerable remember password and password reset
  - Testing for Logout and Browser Cache Management
  - Testing for CAPTCHA
  - Insufficient Password Policy
  - Insufficient Password Change Policy
  - Password Stored in Plain Text
  - Password History
- Authorization related tests
  - Path Traversals
  - Bypassing Authorization schema
  - Privilege Escalation
- Session Management Testing
  - Session Hijacking
  - Session Fixation
  - Session Timeout
  - Session replay
  - Session Invalidation
  - Exposed Session Variables
- Configuration related tests
  - Missing HttpOnly and Secure Flags
  - Clickjacking
  - HTTP Strict Transport Security Header
  - Unsafe CORS Policy (HTML5)
  - Cookie Scoped to parent domain
  - Improper error message
- Malicious File Upload
- Introduction to various Vulnerability Scanners
- Scanning application using BurpSuite and False positive elimination
- Bypassing client-Side Validations
- Risk Rating and Report preparation
All the above contents will be explained in a practical manner. If you are interested in this course, enroll below:
Enroll here: Click on the below link to enroll into the demo session:
Regards,
Arun Motoori