NSD – Web Application Security Bootcamp

Overview
The National Security Database (NSD) is a verified list of credible and trustworthy information security experts who work to protect the National Critical Infrastructure and cyberspace of the country. The database also acts as a security clearance credit for accessing and operating on information for higher positions in the industry.

NSD is a non-profit project of ISAC, supported by the Government of India. NSD empanelment not only helps an information security professional gain higher credibility but also makes it easier for both the industry and the Government to identify professionals who can be trusted with protecting sensitive data.

NSD Specialty Domain – Web Application Security
The program focuses on approach-based testing of web applications. It teaches you how to find the vulnerabilities that are seen frequently in web applications and trains you extensively in manual testing of their components to eliminate threats. At the end of the bootcamp, you will understand how to secure web servers and web applications. Candidates will be able to carry out penetration testing and vulnerability assessments for web applications and suggest countermeasures or solutions for the issues found.

Pre-requisites
• In-Depth understanding of Web-Application Architecture
• Exposure to web application development will add value
• Understanding of Database Management Systems
• Thorough knowledge of all the OWASP Top-Ten Vulnerabilities
• Experience in Programming

In this boot-camp, we will focus on an in-depth approach to Web Application Security and its techniques.

Web Application Security Boot-camps

You can attend in-depth Web Application Security boot-camps offered by ISAC approved partners.

Program contents:

Introduction to Web Apps & Architecture
Introduction
Components of a web application
Basic Architecture
Static and Dynamic Websites

Web technologies
J2EE, ASP.NET, PHP
Overview of SOAP, XML and Web services
Overview of JSON

Top 10 Web Application Threats
Cross Site Scripting (XSS)
Injection Flaws
Malicious File Execution
Insecure Direct Object Reference
Cross Site Request Forgery (CSRF)
Information Leakage and Improper Error Handling
Broken Authentication and Session Management
Insecure Cryptographic Storage
Insecure Communications
Failure to Restrict URL Access

Web Application Penetration Testing
Information Gathering
Configuration Management Testing
Authentication Testing
Session Management Testing
Authorization Testing
Business Logic Testing
Data Validation Testing
Testing for Denial of Service
Web services testing
AJAX testing

Advanced Application Security
Application Threat Modeling
Secure Coding: secure coding principles for Web applications
Security Policies
Using compiler defense mechanisms
Source code analysis
Code Review (ASP.NET & J2EE)

Documentation and Reporting Risks.

Registration benefits include: 

  1. 3-day hands-on boot-camp on NSD specialty domain – Web Application Security
  2. NSD Lab exam voucher for specialty domain – Web Application Security
  3. Training Participation certificate from ISAC
  4. Study Materials (Hands-on lab videos on DVDs)
  5. Additional tool-kits for Web Application Security labs

Cost: INR 25,000/-

All applicable taxes extra!

For the boot-camp schedule, please visit:

www.nsd.org.in