Application Security Assessment

Deze Partnercursus cursus hebben we niet meer in ons assortiment maar nog wel andere cursussen, bijvoorbeeld:

Er zijn geen gerelateerde cursussen.

Kunnen wij je helpen?

During this course you will learn, understand and execute the approach and technics as described in the OWASP Testing Guide. From defining the scope of an application security assessment to the write-up and reporting, this course does teach the practical skills to execute an application security assessment, aka hack test or application penetration test.

Certification:
There is no certification exam for this course. After following the course, you will receive a certification of attending the course.
To be entitled for the certification of attendance, you have to be present at all days of the course.

Legal Agreement:
The mission of the course “Application Security Assessment” is to educate, introduce and demonstrate application security assessment technics for penetration testing purposes only.
Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system without approval of the legal owner.

Doelgroep

This course will benefit developers, application administrator and security professionals. Having a solid understanding of SQL, HTTP and experience in application development and administration is a pre.

Fabian Klostermann

accountmanager

Onderwerpen

Module 1: Introduction
Module 2a: Passive Techniques – Information Gathering I
Module 2b: Passive Techniques – Information Gathering II
Module 2c: Passive Techniques – Information Gathering III
Module 3: Pentest I, Configuration Management
Module 4: Pentest II, Business Logic 109
Module 5: Pentest III, Authentication
Module 6: Pentest IV, Authorization

Module 7: Pentest V, Session Management
Module 8: Pentest VI, Data Validation
Module 9: Pentest VII, Denial of Service (DOS)
Module 10: Pentest VIII, Web Services
Module 11: Pentest IX, Ajax
Module 12: Reporting
Module 13: How to continue

Bekijk meer onderwerpenBekijk minder onderwerpen

Module 1: Introduction – Into Penetration Testing
- What is Penetration Testing
- hy Penetration Testing
- Methodologies
  - Black-box Test
  - Grey-box Test
  - White-box test
- Determine the scope:
  - Whom do you test for
  - Why are you testing
  - What is your target
- Legal
  - “Out of jail’ card
Module 2a: Passive Techniques – Information Gathering I
- Spider, Robots and Crawlers
- Search Engine Discovery/Reconnaissance
Module 2b: Passive Techniques – Information Gathering II
- Identify application entry points
- Testing for WebApplication Fingerprint
Module 2c: Passive Techniques – Information Gathering III
- Application Discovery
- Analysis of Error Codes
Module 3: Pentest I, Configuration Management
- SSL/TSL
- DB Listener
- Infrastructure Configuration Management
- Application Configuration Management
- File Extensions Handling
- Old, Backup and Unreferenced Files
- Infrastructure and Application Admin Interfaces
- HTTP Methods and XST
Module 4: Pentest II, Business Logic 109
- Business rules, limits and restrictions
- Business scenarios
- Workflow
- Different user roles
- Different groups or departments
- Permissions of various user roles and groups
- Privilege table
- Developing and execution of logical tests
Module 5: Pentest III, Authentication
- Credentials transport over an encrypted Channel
- User enumeration
- Guessable (dictionary) user account
- Brute Force
- Bypassing Authentication Schema
- Vulnerable remember Password reset
- Logout and Browser Cache Management
- CAPTCHA
- Multi Factors Authentication
- Race Conditions
Module 6: Pentest IV, Authorization
- Path Traversal
- Bypassing Authorization Schema
- Privilege Escalation

Module 7: Pentest V, Session Management
- Session Management Schema
- Cookies attributes
- Session Fixation
- Exposed Session Variables
- CSRF
Module 8: Pentest VI, Data Validation
- Cross site Scripting (reflected, stored, DOM based, Cross Site Flashing)
- SQL Injection (different databases, out of band, blind)
- LDAP Injection
- ORM Injection
- XML Injection
- SSI Injection
- XPath Injection
- IMAP/SMTP injection
- Code Injection
- OS Commanding
- Buffer overflow ( Heap / Stack overflow, Format string)
- Incubated vulnerability
- HTTP Splitting/Smuggling
Module 9: Pentest VII, Denial of Service (DOS)
- SQL Wildcard Attacks
- Locking Customer Accounts
- User Specified Object Allocation
- User Input as a Loop Counter
- Writing User Provided Data to Disk
- Failure to Release Resources
- Storing too Much Data in Session
Module 10: Pentest VIII, Web Services
- WS Information Gathering
- WSDL
- XML Structure
- XML Content-Level
- HTTP GET parameters / REST
- SOAP attachments
- Replay
Module 11: Pentest IX, Ajax
Module 12: Reporting
- Value the Real Risk
- Writing the Report
- Executive Summary
- Technical Management Overview
- Assessment Findings
- Delivering a report
Module 13: How to continue

Planning & Prijs

Gerelateerde cursussen

Er zijn geen gerelateerde cursussen.

Ervaringen

ervaringen verzameld via

"Training was prima, goede tips gekregen met af en toe een grap en grol. Locatie was prima, goed verzogd vwb koffie/thee, fruit en koekje. Mensen ook zeer vriendelijk. Lunch was perfect en zeer uitgebreid."

9

"De cursus was goed, en de verzorging ook!Ik heb er veel van opgestoken! De lokatie in Nieuwegein is goed te bereiken met het openbaar vervoer, dus dat is prettig. Tot een volgenden keer."

10

"Ik vond de training erg leerzaam. De inhoud was van een hoog niveau en de docent was goed thuis in de materie. Ik stel het vooral op prijs dat er diep op de concepten werd ingegaan."

9

Categorieën

Onderwerpen

Leveranciers

Prijs