The course will focus on common security threats to web applications and the countermeasure strategies available. The primary aim of the course is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities and the methodology for protecting against such vulnerabilities.
The course draws upon various published research and best practices in this area, such as the OWASP Top 10 web application attacks, CERT, Microsoft's Writing Secure Code, the Web Application Security Consortium, the CVE database published by MITRE, etc.
Course Outline:
1. Introduction to the information security scenario.
2. Primer on Web Application Security.
3. Common Threats and Vulnerabilities in Web Applications.
4. Breaking the network into Web, Application and Database.
5. Common attacks at the Web end.
6. Common attacks at the Application end.
7. Common attacks at the Database end, including Code Injection Flaws / SQL Injection.
8. Hands-on simulation of common web application attack scenarios.