Training

Table of Content

Part 1: Introduction to Web Application Security

  • Overview of Web Security landscape
  • HTTP/HTTPS basics overview
  • Understanding Web Server Architecture
  • Overview of OWASP top 10 Web Application Security

Part 2: Web Application Security Vulnerabilities

  • Injection
  • Cross-Site Scripting
  • Cross-Site Request Forgery (CSRF)
  • Broken Authentication and Session Management
  • Authentication & Authorization (Privilege Escalation & IDOR)
  • Unvalidated Redirects and Forwards
  • Insecure Deserialization

Part 3: Web Application Security Vulnerabilities

  • Insecure Cryptographic Storage
  • Insufficient Transport Layer Protection
  • Insecure File Upload
  • XML External Entity (XXE)
  • Security Misconfiguration
  • Server-Side Template Injection (SSTI)

Part 4: Hands-on Workshop & Real-World Case Studies

  • Simulating and exploiting vulnerabilities in a controlled environment
  • Discussion on case studies
  • QnA

Training Pre-requisite:

  • A laptop with a minimum of 4GB of RAM (8GB or more is recommended)
  • Pendrive or Hardrive
  • Install a web browser (Chrome and Firefox)
  • Install Burp suite community version (system needs to have the latest version of Java 8 or Java 11)
  • Install Kali Linux

Training Level:

Basic & Intermediate

Note: Request that all laptop configuration issues be resolved before to the training and that outdated laptops that do not support the newest software be avoided, as ad-hoc tool installation may occur during the session.

Kasturi

social, social network, icon-1834013.jpg
Swati Laxmi
social, social network, icon-1834013.jpg
Hall Name: Hall 4
Time: 8 Hour

In this intensive 1-day hands-on web application security assessment training, participants will delve into the core principles of web security, equipping them with essential skills to safeguard digital environments. Covering a wide spectrum of web security vulnerabilities, including Injection, Cross-Site Scripting, XXE, Insecure Deserialization etc the training will provide hands-on experience in identifying and exploiting these vulnerabilities within a controlled virtual lab environment. Participants will gain insight into the intricacies of web application vulnerability exploitation techniques and explore critical topics such as authentication, authorization, session management, and mitigation strategy. The training will go beyond the basics by addressing the emerging threat landscape and their potential impact on web security. Real-world case studies and examples of recent web security breaches will be dissected to underscore the significance of proactive security measures. Through immersive lab exercises, participants will not only master the art of vulnerability identification and exploitation but will also cultivate the skills needed to implement robust preventive strategies. At the end of this training, attendees will be equipped with practical knowledge that transcends traditional cyber roles and empowers them to contribute to a more secure digital ecosystem.

About Speakers

Kasturi is a cyber security expert with more than a decade-long journey in offensive security. With a diverse background spanning various sectors and industries working immensely in web app security, network security, red teaming, OT security etc Kasturi has honed her expertise as a cyber security manager at EY GDS, safeguarding critical digital assets from the ever-evolving landscape of cyber threats. Kasturi’s passion for pushing boundaries and embracing new challenges has led her to embark on a fascinating exploration of emerging frontiers. Currently, she is delving into the domains of generative AI and metaverse security, determined to unravel the intricacies of these cutting-edge technologies and ensure their safe integration into our interconnected world. She is also an active member of Null and helps other security professionals in the domain through sessions and training.

Swati is the founder of CRAC LEARNING. She is a cybersecurity enthusiast exploring multiple domains in security, learning and keeping herself updated with the latest trends and techniques. Worked with great teams at Amazon, AWS, and Microsoft. Also, an active volunteer to help budding talent and initiatives in cybersecurity research and awareness.