
Security Testing Web Applications

Informator
About the course
3 days
29 400 SEK, VAT exempt
Next session: 2020-12-21, remote
Remote, Göteborg, Stockholm
Open enrolment course, online course
Upcoming starts
Remote: 2020-12-21, 29 400 SEK
Göteborg: 2020-12-21, 29 400 SEK
Stockholm: 2020-12-21, 29 400 SEK

Course description


Testing plays a very important role in ensuring the security and robustness of web applications. Various approaches, from high-level auditing through penetration testing to ethical hacking, can be applied to find vulnerabilities of different types. However, if you want to go beyond the easy-to-find low-hanging fruit, security testing should be well planned and properly executed. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one exploitable vulnerability to penetrate it.
Attending this course prepares software testers to adequately plan and precisely execute security tests, and to select and use the most appropriate tools and techniques to find even hidden security flaws. Practical exercises help in understanding web application vulnerabilities and mitigation techniques, and hands-on trials of various testing tools (security scanners, sniffers, proxy servers, fuzzing tools and static source code analyzers) give the essential practical skills that can be applied the next day at the workplace.
Course outline

IT security and secure coding
Web application security (OWASP Top Ten 2017)
Client-side security
Denial of service
Security testing
Security testing techniques and tools
Knowledge sources

Day 1
Security basics
What is security?
Threat and risk
Types of threats against computer systems
Consequences of insecure software
Constraints and the market
The dark side
Categorization of bugs

The Seven Pernicious Kingdoms
Common Weakness Enumeration (CWE)
CWE/SANS Top 25 Most Dangerous Software Errors
Vulnerabilities in the environment and dependencies

The OWASP Top Ten
OWASP Top 10 – 2017
A1 - Injection

Injection principles
Injection attacks
SQL injection

SQL injection basics
Lab – SQL injection
Attack techniques
Content-based blind SQL injection
Time-based blind SQL injection

SQL injection best practices

Input validation
Parameterized queries
Additional considerations
Lab – Using prepared statements
Case study – Hacking Fortnite accounts
Testing for SQL injection

Code injection

OS command injection

Lab – Command injection
OS command injection best practices
Lab – Command injection best practices
Case study – Command injection via ping
Testing for command injection

Injection best practices
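
A worked example for the A1 topics above (SQL injection basics, content-based blind injection, parameterized queries and testing for SQL injection). This is an added illustration, not code from the course or its labs: the in-memory SQLite table, the user names and passwords are constructed for the demo, and `login_vulnerable` / `login_safe` are assumed minimal forms of a vulnerable and a fixed login query.

```python
import sqlite3
import string


def make_db():
    """Constructed sample data: an in-memory SQLite users table (not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: the query is assembled by string concatenation,
    so user input becomes part of the SQL grammar instead of staying data."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Fixed: a parameterized (prepared) statement. The placeholders are bound
    as values, so a quote or comment marker in the input cannot alter the query."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Two payloads a tester tries first ("Testing for SQL injection").
COMMENT_OUT_PASSWORD = "alice' --"     # closes the string literal, comments out the password check
ALWAYS_TRUE_PASSWORD = "' OR '1'='1"   # turns the WHERE clause into a tautology


def blind_extract(oracle, target_expr,
                  alphabet=string.ascii_letters + string.digits + " ", max_len=32):
    """Content-based (boolean) blind SQL injection.

    Nothing from the query is echoed; the only observable is whether login
    succeeded. `oracle(username)` returns True exactly when the injected username
    makes the vulnerable query return a row. Each probe asks one yes/no question:
    "is character `pos` of the target equal to `ch`?", recovering the secret one
    position at a time. `target_expr` is any scalar subquery (assumed here to be
    readable by the same database user).
    """
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            probe = f"alice' AND substr(({target_expr}), {pos}, 1) = '{ch}' --"
            if oracle(probe):
                recovered += ch
                break
        else:
            break  # no candidate matched: end of the string (or a char outside the alphabet)
    return recovered


def run_demo():
    """Run every payload against both implementations and return the outcomes."""
    conn = make_db()
    results = {
        "vuln_comment_bypass": login_vulnerable(conn, COMMENT_OUT_PASSWORD, "wrong"),
        "safe_comment_bypass": login_safe(conn, COMMENT_OUT_PASSWORD, "wrong"),
        "vuln_tautology": login_vulnerable(conn, "nobody", ALWAYS_TRUE_PASSWORD),
        "safe_tautology": login_safe(conn, "nobody", ALWAYS_TRUE_PASSWORD),
        "safe_legit": login_safe(conn, "bob", "hunter2"),
    }

    def oracle(injected_username):
        # The attacker only sees success/failure of the vulnerable login.
        return login_vulnerable(conn, injected_username, "x") is not None

    results["blind_bob_password"] = blind_extract(
        oracle, "SELECT password FROM users WHERE username = 'bob'")
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

The blind extraction needs a few hundred requests for a short string; a time-based variant would replace the `= 'ch'` comparison with a conditional delay and measure response time instead of the success flag.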

A2 - Broken Authentication

Authentication basics
Authentication weaknesses
Spoofing on the Web
Testing for weak authentication
Case study – PayPal 2FA bypass
User interface best practices
Password management

Inbound password management

Storing account passwords
Password in transit
Lab – Why is just hashing passwords not enough?
Dictionary attacks and brute forcing
Salting
Adaptive hash functions for password storage
(Mis)handling passwords
Password policy
NIST authenticator requirements for memorized secrets
Password length
Password hardening
Using passphrases
Lab – Applying a password policy
The Ashley Madison data breach
The dictionary attack
The ultimate crack
Exploitation and the lessons learned
Password database migration
Testing for password management issues
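
A worked example for the inbound password management topics above (why plain hashing is not enough, dictionary attacks, salting, adaptive hash functions and password database migration). It is an added illustration, not course lab code: the iteration count is an assumed work factor, the user records are constructed, and the `sha256$` / `pbkdf2_sha256$` record format is invented for the demo.

```python
import hashlib
import hmac
import os

# Assumption: an illustrative PBKDF2-HMAC-SHA256 work factor. Tune it to your
# hardware and raise it over time; the record format below carries it, so old
# records can be detected and upgraded.
PBKDF2_ITERATIONS = 600_000


def legacy_hash(password: str) -> str:
    """The 'just hashing' scheme: one unsalted SHA-256. Equal passwords give
    equal digests for every user, so one precomputed table or one dictionary
    pass cracks all accounts at once, at billions of guesses per second."""
    return "sha256$" + hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt=None, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, adaptive hash. The random per-user salt defeats precomputation
    and forces the attacker to work on each account separately; the iteration
    count makes every single guess expensive."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(stored: str, password: str) -> bool:
    """Verify against either record format; comparisons are constant-time."""
    scheme, rest = stored.split("$", 1)
    if scheme == "sha256":
        return hmac.compare_digest(rest, hashlib.sha256(password.encode()).hexdigest())
    if scheme == "pbkdf2_sha256":
        iters, salt_hex, dk_hex = rest.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex)
    raise ValueError(f"unknown password scheme: {scheme}")


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when the record is on the legacy scheme or a weaker work factor."""
    scheme, rest = stored.split("$", 1)
    return scheme != "pbkdf2_sha256" or int(rest.split("$")[0]) < iterations


def login_and_migrate(db: dict, username: str, password: str) -> bool:
    """Password database migration: the plaintext is only available at login,
    so legacy records are upgraded transparently the next time the user signs in."""
    stored = db.get(username)
    if stored is None or not verify_password(stored, password):
        return False
    if needs_rehash(stored):
        db[username] = hash_password(password)
    return True


def dictionary_attack(stored: str, wordlist):
    """Offline guessing against one stored record. Against the legacy scheme each
    guess costs one SHA-256; against the adaptive scheme it costs `iterations`
    of them, and the salt means the work cannot be shared across accounts."""
    for guess in wordlist:
        if verify_password(stored, guess):
            return guess
    return None


if __name__ == "__main__":
    # Constructed sample records, not real data.
    db = {"alice": legacy_hash("hunter2"), "bob": legacy_hash("hunter2")}
    print("legacy digests identical for equal passwords:", db["alice"] == db["bob"])
    print("dictionary hit:", dictionary_attack(db["alice"], ["123456", "password", "hunter2"]))
    print("login and migrate:", login_and_migrate(db, "alice", "hunter2"))
    print("alice's record now starts with:", db["alice"][:24])
```

Lab tip: run `dictionary_attack` with the same wordlist against a legacy record and a PBKDF2 record and time both; the difference is the entire point of an adaptive function.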

Outbound password management

Hard coded passwords
Password in configuration file
Lab – Hardcoded password
Protecting sensitive information in memory
Challenges in protecting memory

Session management

Session management essentials
Why do we protect session IDs – Session hijacking
Session ID best practices
Session expiration
Session fixation
Testing for session management issues
Cross-site Request Forgery (CSRF)

Lab – Cross-site Request Forgery
CSRF best practices
Lab – CSRF protection with tokens
Testing for CSRF

Cookie security

Cookie security best practices
Cookie attributes
Testing cookie security
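
A worked example for the CSRF and cookie security topics above (CSRF protection with tokens, cookie attributes, testing cookie security). This is an added illustration, not course lab code: the session dictionary, the `handle_transfer` endpoint and the cookie header strings are constructed for the demo.

```python
import hmac
import secrets
from http.cookies import SimpleCookie


def issue_csrf_token(session: dict) -> str:
    """Synchronizer token pattern: an unguessable per-session secret is stored
    server-side and embedded in every state-changing form as a hidden field.
    A cross-site page can make the victim's browser send the session cookie,
    but cannot read the form to learn the token."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def check_csrf(session: dict, submitted) -> bool:
    """Validate the token that arrived with a state-changing request."""
    expected = session.get("csrf_token")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_transfer(session: dict, form: dict) -> str:
    """Assumed state-changing endpoint: the session cookie alone must not suffice."""
    if not check_csrf(session, form.get("csrf_token")):
        return "403 Forbidden: missing or invalid CSRF token"
    return f"200 OK: transferred {form.get('amount')} to {form.get('to')}"


def audit_set_cookie(header_value: str) -> list:
    """Testing cookie security: parse a raw Set-Cookie value and report the
    attributes a session cookie should carry."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure (cookie is sent over plaintext HTTP)")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly (readable by script after an XSS)")
        samesite = str(morsel["samesite"]).lower()
        if not samesite:
            findings.append(f"{name}: missing SameSite (set Lax or Strict explicitly)")
        elif samesite == "none" and not morsel["secure"]:
            findings.append(f"{name}: SameSite=None requires Secure, browsers reject it otherwise")
    return findings


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    print(handle_transfer(session, {"amount": "100", "to": "mallory"}))
    print(handle_transfer(session, {"amount": "100", "to": "mallory", "csrf_token": token}))
    for line in audit_set_cookie("session=abc123; Path=/"):
        print("finding:", line)
```

`SameSite` reduces CSRF exposure but is not a replacement for the token: `Lax` still sends the cookie on top-level GET navigations, and older clients ignore the attribute.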

Day 2
Security testing
Security testing methodology

Preparation
Identifying assets
Identifying the attack surface
Assigning security requirements
Lab – Identifying and rating assets
Attacker profiling
Threat modelling

SDL threat modelling
Data flow diagram elements
Mapping STRIDE to DFD
Lab – SDL threat modelling
Attack trees
Misuse cases
Risk analysis
Lab – Risk analysis

Security testing approaches

Review and recommendations
Standard and proprietary mitigations

The OWASP Top Ten
A3 - Sensitive Data Exposure

Information exposure
Exposure through extracted data and aggregation
System information leakage

Leaking system information

Information exposure best practices

A4 - XML External Entities (XXE)

DTD and the entities
Entity expansion
External Entity Attack (XXE)

File inclusion with external entities
Server-Side Request Forgery with external entities
Lab – External entity attack
Case study – XXE vulnerability in SAP Store
Lab – Prohibiting DTD
Testing for XXE and XML entity-related vulnerabilities

A5 - Broken Access Control

Access control basics
Missing or improper authorization
Failure to restrict URL access
Testing for authorization issues
Confused deputy

Insecure direct object reference (IDOR)
Lab – Insecure Direct Object Reference
Authorization bypass through user-controlled keys
Case study – Authorization bypass on Facebook
Testing for confused deputy weaknesses

File upload

Unrestricted file upload
Good practices
Lab – Unrestricted file upload
Testing for file upload vulnerabilities

A6 - Security Misconfiguration

Configuration principles
Server misconfiguration
Configuration management

A7 - Cross-site Scripting (XSS)

Cross-site scripting basics
Cross-site scripting types

Persistent cross-site scripting
Reflected cross-site scripting
Client-side (DOM-based) cross-site scripting
Case study – XSS in Fortnite accounts

XSS protection best practices

Protection principles - escaping
Additional protection layers
Client-side protection principles
Lab – XSS fix / stored
Lab – XSS fix / reflected
Testing for XSS
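
A worked example for the XSS topics above (reflected XSS, escaping as the protection principle, the stored/reflected fix labs and testing for XSS). It is an added illustration, not course lab code: the template functions and probe strings are constructed, and the `HTMLParser`-based oracle stands in for the browser a tester would otherwise watch.

```python
import html
import json
from html.parser import HTMLParser


def render_greeting_vulnerable(name: str) -> str:
    """Reflected XSS: the request parameter is pasted into the HTML body."""
    return f"<p>Hello {name}</p>"


def render_greeting_fixed(name: str) -> str:
    """Output escaping for the HTML body (and quoted attribute) context."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def render_title_unquoted(value: str) -> str:
    """Still broken: html.escape leaves spaces and '=' alone, so inside an
    UNQUOTED attribute the attacker adds event handlers without using < > \" '."""
    return f"<div title={html.escape(value)}>x</div>"


def render_title_quoted(value: str) -> str:
    """Quoting the attribute makes the escaped value inert."""
    return f'<div title="{html.escape(value, quote=True)}">x</div>'


def render_js_var_vulnerable(value: str) -> str:
    """JavaScript string context with no encoding at all."""
    return f'<script>var user = "{value}";</script>'


def render_js_var(value: str) -> str:
    """JavaScript string context: HTML escaping is the wrong encoder here.
    json.dumps yields a JS string literal; '</' is additionally escaped so the
    value can never close the surrounding <script> element."""
    literal = json.dumps(value).replace("</", "<\\/")
    return f"<script>var user = {literal};</script>"


class _TagCollector(HTMLParser):
    """Test oracle: which tags and attributes does the markup actually contain?"""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.setdefault(tag, {}).update(attrs)


def tag_count(markup: str, tag: str) -> int:
    p = _TagCollector()
    p.feed(markup)
    return p.tags.count(tag)


def attr_names(markup: str, tag: str) -> set:
    p = _TagCollector()
    p.feed(markup)
    return set(p.attrs.get(tag, {}))


if __name__ == "__main__":
    # Constructed probes, one per output context.
    body_probe = "<script>alert(1)</script>"
    attr_probe = "x onmouseover=alert(1)"
    js_probe = "</script><script>alert(1)</script>"
    print("body, vulnerable :", tag_count(render_greeting_vulnerable(body_probe), "script"))
    print("body, fixed      :", tag_count(render_greeting_fixed(body_probe), "script"))
    print("attr, unquoted   :", attr_names(render_title_unquoted(attr_probe), "div"))
    print("attr, quoted     :", attr_names(render_title_quoted(attr_probe), "div"))
    print("js, vulnerable   :", tag_count(render_js_var_vulnerable(js_probe), "script"))
    print("js, fixed        :", tag_count(render_js_var(js_probe), "script"))
```

The point of the three contexts: one escaping function does not fit everywhere, so a scanner's probe set needs a payload per context, and the fix is chosen by where the value lands, not by which characters the payload happened to use.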

A8 - Insecure Deserialization

Serialization and deserialization challenges
Deserializing untrusted streams
Deserializing best practices
Property Oriented Programming (POP)

POP best practices
Lab – Creating a POP payload
Lab – Using the POP payload
Testing for insecure deserialization

Day 3
Security testing
Security testing techniques and tools

Security testing vs functional testing
Manual and automated methods
Penetration testing
Stress testing
Code analysis

Security aspects of code review
Static analysis

Dynamic analysis

Security testing at runtime
Dynamic analysis tools

Testing web applications

Web vulnerability scanners
SQL injection tools

Man-in-the-middle sniffing and interference

Proxy servers
Lab – Using a proxy

The OWASP Top Ten
A9 - Using Components with Known Vulnerabilities

Using vulnerable components
Assessing the environment
Hardening
Untrusted functionality import
Importing JavaScript
Case study – The British Airways data breach
Vulnerability management

Patch management
Vulnerability databases and scanning tools
Vulnerability rating – CVSS

A10 - Insufficient Logging & Monitoring

Logging and monitoring principles
Insufficient logging
Plaintext passwords at Facebook
Logging best practices
Monitoring best practices

Web application security beyond the Top Ten

Client-side security
Same Origin Policy

Relaxing the Same Origin Policy
Relaxing with Cross-Origin Resource Sharing (CORS)
Simple request
Preflight request
Tabnabbing
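
A worked example for the Same Origin Policy items above (relaxing SOP with CORS, simple versus preflighted requests). It is an added illustration, not course lab code: the allowlisted origins and request headers are an assumed configuration, and the functions model only the header logic a server would apply.

```python
# Assumed configuration (not from the course): the origins and custom request
# headers this API trusts.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
ALLOWED_REQUEST_HEADERS = {"content-type", "authorization", "x-csrf-token"}

# What the browser may send without a preflight.
SIMPLE_METHODS = {"GET", "HEAD", "POST"}
SIMPLE_CONTENT_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language", "content-type"}


def is_simple_request(method: str, headers: dict) -> bool:
    """A 'simple' request is sent without preflight: the server-side effect
    happens, and only the response is withheld from the page when CORS
    disallows it. That is why CORS is not a CSRF defence."""
    if method.upper() not in SIMPLE_METHODS:
        return False
    lower = {k.lower(): v for k, v in headers.items()}
    if not set(lower) <= SAFELISTED_HEADERS:
        return False
    ctype = lower.get("content-type", "").split(";")[0].strip().lower()
    return "content-type" not in lower or ctype in SIMPLE_CONTENT_TYPES


def cors_response_headers_vulnerable(origin: str) -> dict:
    """Common misconfiguration: reflect whatever Origin arrives and allow
    credentials. Any site can now read authenticated responses."""
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_response_headers(origin, method: str, requested_headers=()) -> dict:
    """Allowlist-based relaxation of SOP. Returns the headers to add, or {} when
    the origin is not trusted (the browser then keeps enforcing SOP)."""
    if origin is None or origin not in ALLOWED_ORIGINS:
        return {}
    headers = {
        "Access-Control-Allow-Origin": origin,   # an allowlisted value, never "*" with credentials
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",                        # caches must not serve one origin's answer to another
    }
    if method.upper() == "OPTIONS":              # preflight
        allowed = [h for h in requested_headers if h.lower() in ALLOWED_REQUEST_HEADERS]
        headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE"
        headers["Access-Control-Allow-Headers"] = ", ".join(allowed)
        headers["Access-Control-Max-Age"] = "600"
    return headers


if __name__ == "__main__":
    print(is_simple_request("POST", {"Content-Type": "application/x-www-form-urlencoded"}))
    print(is_simple_request("POST", {"Content-Type": "application/json"}))
    print(cors_response_headers("https://evil.example.net", "GET"))
    print(cors_response_headers("https://app.example.com", "OPTIONS", ["content-type", "x-evil"]))
```

When testing, send the same request with an arbitrary `Origin`, with `null`, and with a subdomain-lookalike (`app.example.com.attacker.net`); a response that echoes any of them together with `Access-Control-Allow-Credentials: true` is the finding.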

Frame sandboxing

Cross-Frame Scripting (XFS) attack
Lab - Clickjacking
Clickjacking beyond hijacking a click
Clickjacking protection best practices

Testing for client-side security weaknesses

Common software security weaknesses
Input validation

Input validation principles

Blacklists and whitelists
Data validation techniques
What to validate – the attack surface
When to validate – validation vs transformations
Where to validate – defense in depth
Output sanitization
Encoding challenges
Validation with regex

Integer handling problems

Representing signed numbers
Integer visualization
Integer overflow
Integer truncation
Best practices

Upcasting
Precondition testing
Postcondition testing

Testing for numeric problems

Files and streams

Path traversal
Path traversal-related examples
Additional challenges in Windows
Virtual resources
Path traversal best practices
Testing for path traversal
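
A worked example for the path traversal items above (the traversal examples, the Windows separator challenge, best practices and testing). It is an added illustration, not course lab code: the document root is an assumed path, the probe list is constructed, and the check runs lexically so it can be executed without those files existing.

```python
import os
from urllib.parse import unquote

# Assumption: the directory the application is meant to serve files from.
BASE_DIR = "/srv/app/public"


def serve_path_vulnerable(base_dir: str, user_path: str) -> str:
    """Deliberately vulnerable: the user-supplied name is joined onto the base
    directory with no canonicalisation and no containment check."""
    return os.path.join(base_dir, user_path)


def resolve_under(base_dir: str, user_path: str) -> str:
    """Best practice: decode, canonicalise, then verify the canonical result is
    still inside the base directory. Returns the absolute path or raises ValueError."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    # Percent-decode once so the check sees what the filesystem will see. If the
    # framework already decoded the parameter, skip this step: a second decode
    # would turn a literal "%2e%2e" into ".." and create the bypass it prevents.
    decoded = unquote(user_path)
    # Windows challenge: treat backslashes as separators before normalising, so
    # "..\..\" cannot slip past a check that only understands "/".
    decoded = decoded.replace("\\", "/")
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` when `decoded` is absolute, and realpath
    # collapses ".." and symlinks; the containment test then rejects both cases.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_allowed(user_path: str, base_dir: str = BASE_DIR) -> bool:
    try:
        resolve_under(base_dir, user_path)
        return True
    except ValueError:
        return False


# Constructed probe list a tester would run ("Testing for path traversal").
PROBES = [
    "css/site.css",               # legitimate
    "docs/../index.html",         # legitimate, normalises to base/index.html
    "../../etc/passwd",           # plain traversal
    "..%2F..%2Fetc%2Fpasswd",     # encoded separators
    "%2e%2e/%2e%2e/etc/passwd",   # encoded dots
    "..\\..\\windows\\win.ini",   # backslash separators
    "/etc/passwd",                # absolute path
    "image.png\x00.txt",          # NUL truncation
]


def run_probes(base_dir: str = BASE_DIR) -> dict:
    """Map every probe to whether the hardened check lets it through."""
    return {p: is_allowed(p, base_dir) for p in PROBES}


if __name__ == "__main__":
    for probe, allowed in run_probes().items():
        print(f"{'allow' if allowed else 'block':5}  {probe!r}  (vulnerable join -> "
              f"{serve_path_vulnerable(BASE_DIR, probe)!r})")
```

On a real deployment the base directory exists, and `realpath` also follows symlinks, which is what makes the containment check reliable; a purely string-based prefix check would miss a symlink inside the web root that points outside it.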

JSON security
JSON injection
Dangers of JSONP
JSON/JavaScript hijacking
Best practices
Testing
ReactJS vulnerability in HackerOne
Wrap up
Secure coding principles

Principles of robust programming by Matt Bishop
Secure design principles of Saltzer and Schroeder
Some more principles

And now what?

Further sources and readings


Informator

Informator is the training company that strengthens your competitiveness by maintaining, updating and adding relevant knowledge in IT and management, where and when you need it. We have grown together with the leading companies of the Swedish software industry and have trained developers, engineers, project managers and managers since...

Contact details

Informator

Karlavägen 108
115 26 Stockholm

Reviews

Course reviews: none yet.
Organizer rating: 4.5, based on 712 reviews.