Course Outline

Introduction

Exploring the OWASP Testing Project

  • Principles of testing
  • Testing techniques
  • Deriving security test requirements
  • Security tests integrated in development and testing workflows
  • Security test data analysis and reporting

Working with the OWASP Testing Framework

  • Phase 1: Before development begins
  • Phase 2: During definition and design
  • Phase 3: During development
  • Phase 4: During deployment
  • Phase 5: Maintenance and operations
  • A typical lifecycle testing workflow
  • Penetration testing methodologies

Web Application Security Testing

  • Introduction and objectives

Information Gathering

  • Conduct search engine discovery and reconnaissance for information leakage
  • Fingerprint web server
  • Review webserver metafiles for information leakage
  • Enumerate applications on webserver
  • Review webpage content for information leakage
  • Identify application entry points
  • Map execution paths through application
  • Fingerprint web application framework
  • Fingerprint web application
  • Map application architecture

Configuration and Deployment Management Testing

  • Test network/infrastructure configuration
  • Test application platform configuration
  • Test file extensions handling for sensitive information
  • Review old, backup, and unreferenced files for sensitive information
  • Enumerate infrastructure and application admin interfaces
  • Test HTTP methods
  • Test HTTP strict transport security
  • Test RIA cross domain policy
  • Test file permission
  • Test for subdomain takeover
  • Test cloud storage

Identity Management Testing

  • Test role definitions
  • Test user registration process
  • Test account provisioning process
  • Testing for account enumeration and guessable user account
  • Testing for weak or unenforced username policy

Authentication Testing

  • Testing for credentials transported over an encrypted channel
  • Testing for default credentials
  • Testing for weak lock out mechanism
  • Testing for bypassing authentication schema
  • Testing for vulnerable remember password
  • Testing for browser cache weakness
  • Testing for weak password policy
  • Testing for weak security question answer
  • Testing for weak password change or reset functionalities
  • Testing for weaker authentication in alternative channel

Authorization Testing

  • Testing directory traversal/file include
  • Testing for bypassing authorization schema
  • Testing for privilege escalation
  • Testing for insecure direct object references

Session Management Testing

  • Testing for session management schema
  • Testing for cookies attributes
  • Testing for session fixation
  • Testing for exposed session variables
  • Testing for cross site request forgery
  • Testing for logout functionality
  • Testing session timeout
  • Testing for session puzzling
  • Testing for session hijacking

Input Validation Testing

  • Testing for reflected cross site scripting
  • Testing for stored cross site scripting
  • Testing for HTTP verb tampering
  • Testing for HTTP parameter pollution
  • Testing for SQL injection
      ◦ Testing for Oracle
      ◦ Testing for MySQL
      ◦ Testing for SQL Server
      ◦ Testing for PostgreSQL
      ◦ Testing for MS Access
      ◦ Testing for NoSQL injection
      ◦ Testing for ORM injection
      ◦ Testing for client-side SQL injection (WebSQL)
  • Testing for LDAP injection
  • Testing for XML injection
  • Testing for SSI injection
  • Testing for XPath injection
  • Testing for IMAP/SMTP injection
  • Testing for code injection
      ◦ Testing for local file inclusion
      ◦ Testing for remote file inclusion
  • Testing for command injection
  • Testing for format string injection
  • Testing for incubated vulnerability
  • Testing for HTTP splitting/smuggling
  • Testing for HTTP incoming requests
  • Testing for host header injection
  • Testing for server-side template injection
  • Testing for server-side request forgery

Testing for Error Handling

  • Testing for improper error handling
  • Testing for stack traces

Testing for Weak Cryptography

  • Testing for weak Transport Layer Security
  • Testing for padding oracle
  • Testing for sensitive information sent via unencrypted channels
  • Testing for weak encryption

Business Logic Testing

  • Introduction to business logic
  • Test business logic data validation
  • Test ability to forge requests
  • Test integrity checks
  • Test for process timing
  • Test limits on the number of times a function can be used
  • Testing for the circumvention of work flows
  • Test defenses against application misuse
  • Test upload of unexpected file types
  • Test upload of malicious files

Client-Side Testing

  • Testing for DOM-based cross site scripting
  • Testing for JavaScript execution
  • Testing for HTML injection
  • Testing for client-side URL redirect
  • Testing for CSS injection
  • Testing for client-side resource manipulation
  • Testing cross origin resource sharing
  • Testing for cross site flashing
  • Testing for clickjacking
  • Testing WebSockets
  • Testing web messaging
  • Testing browser storage
  • Testing for cross site script inclusion

API Testing

  • Testing GraphQL

Reporting

  • Introduction
  • Executive summary
  • Findings
  • Appendices

Requirements

  • A general understanding of the web development lifecycle
  • Experience in web application development, security, and testing

Audience

  • Developers
  • Engineers
  • Architects

Duration: 21 Hours
