Web application security - Course overview

Web Application penetration testing course content.

  1. Web Application Security - Course Overview
     Satish.B
     Email: satishb3@securitylearn.net

  2. Course Content
     History of web applications
     Introduction to web application architecture
     Uniform Resource Locator (URL)
     HTTP
       - Introduction
       - HTTP methods
       - WEBDAV methods
       - Request/response analysis
       - Security problems with HTTP
     HTTPS
       - Handshake protocol
       - Record protocol
     Proxy
       - Man-in-the-middle attack
       - Tools: Burp Proxy, Paros Proxy, WebScarab
     Encoding Techniques
       - URL encoding
       - HTML encoding
       - Unicode encoding
       - Tools: Burp Decoder
     Profiling the Application
       - Spiders, crawlers
       - Search engine discovery
       - Banner grabbing
       - Robots.txt
       - Analysis of error codes
       - Tools: HttpPrint, Netcraft
     Attacking Authentication
       - Authentication types
       - Brute force attacks
       - Analyzing autocomplete options
       - Insecure credential transmission
       - Session puzzle attacks
       - Authentication bypass techniques
       - Shoulder surfing
     http://www.securitylearn.net

  3. Attacking Authentication (continued)
       - CAPTCHA
       - Rebinding attacks
       - Countermeasures
       - Tools: Bruter, Burp Repeater, Burp Intruder
     Attacking Authorization
       - Authorization types
       - Parameter tampering
       - Horizontal privilege escalation
       - Vertical privilege escalation
       - Referrer spoofing
     Cryptography Weaknesses
       - Symmetric cryptography
       - Asymmetric cryptography
       - Substitution cipher
       - Stream cipher
       - Block cipher
       - Steganography
       - SSL cipher testing
       - Cracking hashes
       - Padding oracle attack
       - Cracking ECB encryption
       - Tools: SSLDigger, MD5 crack
     Attacking Session Management
       - Introduction
       - Secure flag
       - HttpOnly flag
       - Cookie Domain & Path
       - Session token analysis
       - Session fixation
       - Cookie transmission mechanisms
       - Tools: Burp Sequencer
       - Timeout issues
     Cross-Site Scripting Attacks
       - Same-origin policy
       - Reflective XSS
       - Stored XSS
       - DOM-based XSS
       - Anatomy of XSS exploitation
       - Impact of XSS
       - XSS Shell

  4. Cross-Site Scripting Attacks (continued)
       - XSS & Metasploit
       - Black list / white list
       - Input validation
       - Output encoding
       - Remediation
       - Tools: BeEF
     SQL Injection
       - Error-based SQLi
       - Blind SQLi
       - SQLi exploitation
       - Data extraction with UNION queries
       - Data extraction with inference techniques
       - Command execution with SQLi
       - Impact of SQLi
       - Remediation
       - Stored procedures vs. parameterized queries
       - Tools: SQLMap, Absinthe
     Cross-Site Request Forgery
       - Anatomy of CSRF
       - Remediation
       - CAPTCHA
       - Rebinding attack
       - Tool: CSRFTester
     URL Redirection Attacks
       - Phishing attacks
       - Remediation
     HTTP Response Splitting
       - Cache poisoning
       - Command execution
     Input Validation Attacks
       - File uploads
       - Path traversal attacks
       - Local file inclusion
       - Remote file inclusion
       - Command execution
       - Remediation techniques
     Server Configuration Issues
       - WEBDAV methods
       - Caching vulnerabilities
       - Directory listing

  5. Attacking the Web Server
       - Denial of service attacks
       - Buffer overflows
       - Remediation
     OWASP Top 10 Web Application Risks
     Scanners
       - Usage of tools
       - Pros, cons & problems with scanners
       - IBM AppScan
       - HP WebInspect
     Risk Assessment
       - OWASP Risk Rating methodology
     Pentest Reports
       - Executive reports
       - Detailed reports
     Web Application Security Checklist
     Contact
       Satish B
       Email: satishb3@securitylearn.net
              satishb3@hotmail.com
