Web Application Security (WAS)

Duration:

32 academic hours

Venue:

Clarified Security training classroom

This training focuses on attacks so that the need for defence is better understood. The OWASP project should be the bible of everyone dealing with WebApp development and security, and OWASP ASVS (Application Security Verification Standard) is one of the gold standards of WebApp security testing. This training will cover all WebApp attack types and instil this knowledge with a lot of hands-on exercises. With first-hand experience of those attacks, participants are better equipped to understand the attacks and why they are conducted.

Trainers will engage participants with lectures, live attack demonstrations and practical examples, followed by individual hands-on exercise scenarios. The training is interactive and practical and, besides active participation, is full of attack stories that help to change participants' perspective on and understanding of real-life security threats.

The training is held in cooperation with Clarified Security.

NB! The training is in English.

Target audience: WebApp developers, maintainers, web server or hosting providers/administrators, information security specialists and managers, testers.

Length: 32 academic hours

The prerequisite for issuing the certificate is full participation in training.

The training topics and description:

Web Application security essentials (4 parts, 8 lectures with practical demos and exercises for each vulnerability, including complex attack scenarios):

Client-Side attacks

  • Introduction, Client-Server system
  • OWASP (Top 10, ASVS)
  • Input data
  • GET vs POST
  • HTTP vs HTTPS
  • Controlling the thick client (Java applet, Flash, etc.)
  • XSS (Cross-Site-Scripting)
  • Session security, cookies, session hijacking
  • OSRF/CSRF (On-Site and Cross-Site Request Forgery)
  • UI Redress Attacks (incl. ClickJacking, CursorJacking)
  • Combined client side attacks

Server-Side attacks

  • Password security, crypto, brute-force, dictionary, sensitive data
  • Authentication and authorization errors, "remember me" features
  • Business logic implementation errors
  • Direct Object Reference mistakes
  • SQL injection
  • Code and Command injection
  • Source code and structure defence, attack code upload, configuration
  • File handling (file extensions, public folder, execution, enumeration and guessing, meta info)
  • File inclusion (LFI, RFI, RCE, NULL-Byte)
  • File upload
  • Other file insertion vectors (log files)
  • Configuration (Java/PHP, error messages (what to show & what to log), Apache, file permissions)
  • Google hacking

The training takes place at Lõõtsa 12, Tallinn, from 9:00 to 17:00.

IT Koolitus is a training card partner of the Estonian Unemployment Insurance Fund (Eesti Töötukassa).

We also recommend looking at the further-training support that Töötukassa offers to employers: the training grant for employers and the reimbursement of an employee's training costs to the employer.

See you at the training!

Trainers

  • Marko Belzetski

    Pentester (WebApps, mobile), trainer

    Certifications: • GIAC Web Application Penetration Tester (GWAPT) • GIAC Mobile Device Security Analyst (GMOB) • GIAC Advanced Smartphone Forensic Analyst (GASF) • Offensive Security Web Expert (OSWE)

    Marko joined the team in August 2016. His focus lies in Android and web application penetration testing. He is also one of the main lecturers of our 4-day Web Application Security course. Previously he has worked in finance and business support along with some freelance web application development.

    Marko has a diploma of professional higher education in IT systems development from Tallinn Technical University. His thesis on the subject of Android IPCs was awarded best thesis in the BSc category of his graduation year. He also holds a bachelor's degree in business administration from Northwood University, which he graduated magna cum laude.


Additional information

When you register via the e-shop, by e-mail or by phone, we will send you an invoice and more detailed information about participation.
Eleven days before the training we will send you an e-mail reminder with the participation details.

Participation in the training is registered by name, but you can change the participant free of charge until the start of the training.

Payment for the training is made to the bank account indicated on the invoice. The invoice is sent by e-mail to the payer's address. The invoice must be paid before the start of the training, by the due date stated on the invoice.

IT Koolitus is a training card partner of the Estonian Unemployment Insurance Fund. See the training card information HERE.
For more information, contact us by phone at 618 1727 or at [email protected].

Cancellation information

If for any reason you cannot attend the training, please let us know by e-mail at [email protected]. If you notify us of non-attendance at least 7 calendar days in advance, we will agree on a new time with you or refund 100% of the training fee. We refund the participation fee in full provided that no expenses related to organising the training have been incurred (purchased study materials, etc.). If you do not show up for the training, do not give notice of this, or drop out of the training, the fee is not refunded.

Location and contacts

Address

Lõõtsa 12, Tallinn

IT Koolitus Vana-Lõuna 39/1, Tallinn 6181727 [email protected]

© AS Äripäev 2000-2024
  • Address: Vana Lõuna 39/1, 19094 Tallinn
  • Customer support: 667 0099 (8:15-17:00)
  • E-mail: [email protected]