Security in Testing Training

Level

Intermediate

Duration

20h / 3 days

Date

Individually arranged

Price

Individually arranged

Web application security is a key aspect in designing, developing, and maintaining web applications. These protections are extremely important because the Internet is full of threats, and attackers constantly try to exploit various vulnerabilities in applications for illegal purposes. Web application security is an ongoing process that requires attention at every stage of application development and operation.

Who is this training for?
  • For software testers who want to expand their knowledge and skills in web application security
  • For individuals interested in a career as a junior web application pentester
  • For current web application developers who want to expand their knowledge and skills in web application security

Participants

  • Basic programming skills in Java, PHP, or .NET
  • Basic knowledge of JavaScript
  • Basic knowledge of SQL
  • Basic knowledge of IT solution architecture
  • Basic knowledge of web applications
  • Basic understanding of operating systems and computer networks

What You Will Learn

  • This training provides participants with insight into various aspects of web application security as well as skills in identifying and addressing vulnerabilities.

Training Program

  1. Introduction to Web Application Security

  • Web application security fundamentals
  • Web application architecture
  • OWASP Top 10 (2021)
  • CWE / CVE / CVSS – vulnerability classification and scoring

  2. Information Gathering and Enumeration

  • Information gathering techniques
  • Enumeration methods
  • Tools used in reconnaissance
  • Network traffic analysis
  • Protocol comparison:
    • FTP vs HTTP vs HTTPS
  • HTTP request manipulation
    • GET request modification
    • POST / PUT / DELETE request modification

  3. Vulnerability Analysis – Core Issues

  • SQL Injection (SQLi) – SQL and NoSQL
  • OS Command Injection (OSi)
  • Unrestricted File Upload (UFU)
  • Data leakage
    • Log content exposure
    • Open source code leaks
  • Low-hanging-fruit vulnerabilities
  • Lack of proper error handling

  4. Network Traffic Security

  • TLS / SSL fundamentals
  • HTTP security headers
  • Same-Origin Policy (SOP)
  • Cross-Origin Resource Sharing (CORS)

  5. Advanced Vulnerability Analysis (Attack, Defense, Examples)

  • Cross-Site Scripting (XSS)
  • XML vulnerabilities
    • XML External Entity (XXE)
    • XML Denial of Service
  • Cross-Site Request Forgery (CSRF)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Directory Traversal (DT)
  • Brute Force (BF)
  • Insecure Direct Object Reference (IDOR)
  • Server-Side Template Injection (SSTI)
  • Server-Side Request Forgery (SSRF)
  • Denial of Service (DoS) and Application DoS
  • Vulnerable and outdated components

  6. API Security

  • Authentication and authorization methods
  • Common API security vulnerabilities
  • OWASP API Security Top 10 (2019)

  7. Fuzzing and Specialized Testing

  • Web application fuzzing
  • Mobile application security basics
  • Using proxies in security testing
  • Reverse engineering fundamentals

Contact us

We will organize training for you, tailored to your needs.

Przemysław Wołosz

Key Account Manager

przemyslaw.wolosz@infoShareAcademy.com
