Web application security - Course overview

Web Application penetration testing course content.

    • Web Application Security Course Overview
      Satish B. Email: satishb3@securitylearn.net
    • Course Content
        • History of web applications
        • Introduction to web application architecture
        • Uniform Resource Locator (URL)
        • HTTP
            • Introduction
            • HTTP methods
            • WebDAV methods
            • Request/response analysis
            • Security problems with HTTP
        • HTTPS
            • Handshake protocol
            • Record protocol
        • Proxy
            • Man-in-the-middle attack
            • Tools: Burp Proxy, Paros Proxy, WebScarab
        • Encoding techniques
            • URL encoding
            • HTML encoding
            • Unicode encoding
            • Tools: Burp Decoder
        • Profiling the application
            • Spiders, crawlers
            • Search engine discovery
            • Banner grabbing
            • Robots.txt
            • Analysis of error codes
            • Tools: HttpPrint, Netcraft
        • Attacking authentication
            • Authentication types
            • Brute force attacks
            • Analyzing autocomplete options
            • Insecure credential transmission
            • Session puzzle attacks
            • Authentication bypass techniques
            • Shoulder surfing
            • CAPTCHA rebinding attacks
            • Countermeasures
            • Tools: Bruter, Burp Repeater, Burp Intruder
        • Attacking authorization
            • Authorization types
            • Parameter tampering
            • Horizontal privilege escalation
            • Vertical privilege escalation
            • Referrer spoofing
        • Cryptography weaknesses
            • Symmetric cryptography
            • Asymmetric cryptography
            • Substitution cipher
            • Stream cipher
            • Block cipher
            • Steganography
            • SSL cipher testing
            • Cracking hashes
            • Padding oracle attack
            • Cracking ECB encryption
            • Tools: SSLDigger, MD5 crack
        • Attacking session management
            • Introduction
            • Secure flag
            • HttpOnly flag
            • Cookie Domain & Path
            • Session token analysis
            • Session fixation
            • Cookie transmission mechanisms
            • Timeout issues
            • Tools: Burp Sequencer
        • Cross-site scripting attacks
            • Same-origin policy
            • Reflected XSS
            • Stored XSS
            • DOM-based XSS
            • Anatomy of XSS exploitation
            • Impact of XSS
            • XSS Shell
            • XSS & Metasploit
            • Blacklist/whitelist input validation
            • Output encoding
            • Remediation
            • Tools: BeEF
        • SQL injection
            • Error-based SQLi
            • Blind SQLi
            • SQLi exploitation
            • Data extraction with UNION queries
            • Data extraction with inference techniques
            • Command execution with SQLi
            • Impact of SQLi
            • Remediation
            • Stored procedures vs. parameterized queries
            • Tools: SQLMap, Absinthe
        • Cross-site request forgery
            • Anatomy of CSRF
            • Remediation
            • CAPTCHA rebinding attack
            • Tool: CSRFTester
        • URL redirection attacks
            • Phishing attacks
            • Remediation
        • HTTP response splitting
            • Cache poisoning
            • Command execution
        • Input validation attacks
            • File uploads
            • Path traversal attacks
            • Local file inclusion
            • Remote file inclusion
            • Command execution
            • Remediation techniques
        • Server configuration issues
            • WebDAV methods
            • Caching vulnerabilities
            • Directory listing
        • Attacking the web server
            • Denial of service attacks
            • Buffer overflows
            • Remediation
        • OWASP Top 10 web application risks
        • Scanners
            • Usage of tools
            • Pros, cons & problems with scanners
            • IBM AppScan
            • HP WebInspect
        • Risk assessment
            • OWASP Risk Rating Methodology
        • Pentest reports
            • Executive reports
            • Detailed reports
        • Web application security checklist
    • Contact
      Satish B
      Email: satishb3@securitylearn.net, satishb3@hotmail.com
      http://www.securitylearn.net