HTTP Basics
- How HTTP works
- Different Request methods
- HTTP request/response examples
- Understanding HTTP error codes
- Use of cookies
- How to identify and inspect cookies
- Using HTTP interceptor tools
- Exercise
- Using Paros to intercept HTTP traffic
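The HTTP Basics module above covers request/response structure, status codes and cookies. The following is an added example, not part of the course material: it parses a constructed HTTP/1.1 response (the headers and cookie values are made up for illustration), classifies the status code, and audits every Set-Cookie header for the Secure, HttpOnly and SameSite attributes, which is the check an interceptor such as Paros lets you do by hand.

```python
"""Parse a raw HTTP/1.1 response and audit its Set-Cookie headers.

Constructed sample: the response text below is made up for this example.
"""

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: JSESSIONID=8A3F2C; Path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=lang%3Den; Path=/; Max-Age=31536000\r\n"
    "Set-Cookie: auth=ZGVtbw; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Content-Length: 13\r\n"
    "\r\n"
    "<html></html>"
)


def parse_response(raw):
    """Split a raw response into (status_code, reason, headers, body).

    headers is a list of (name, value) pairs, not a dict, so repeated
    Set-Cookie lines are preserved instead of overwriting each other.
    """
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    _version, code, reason = status_line.split(" ", 2)
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return int(code), reason, headers, body


def status_class(code):
    """Map a status code to its RFC 9110 class."""
    classes = {1: "informational", 2: "success", 3: "redirection",
               4: "client error", 5: "server error"}
    return classes.get(code // 100, "unknown")


def parse_set_cookie(value):
    """Turn 'name=val; Path=/; Secure' into the cookie name, value and attributes.

    Attribute names are lower-cased; flag attributes without a value
    (Secure, HttpOnly) are stored as True.
    """
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, val = parts[0].partition("=")
    attributes = {}
    for attr in parts[1:]:
        key, _, attr_val = attr.partition("=")
        attributes[key.strip().lower()] = attr_val.strip() if attr_val else True
    return {"name": name, "value": val, "attributes": attributes}


def audit_cookies(raw):
    """Return {cookie_name: [missing protections]} for each Set-Cookie header."""
    _, _, headers, _ = parse_response(raw)
    findings = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = parse_set_cookie(value)
        attrs = cookie["attributes"]
        missing = []
        if "secure" not in attrs:
            missing.append("Secure")
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if "samesite" not in attrs:
            missing.append("SameSite")
        findings[cookie["name"]] = missing
    return findings


if __name__ == "__main__":
    code, reason, _, _ = parse_response(SAMPLE_RESPONSE)
    print(code, reason, status_class(code))
    for cookie_name, missing in audit_cookies(SAMPLE_RESPONSE).items():
        print(cookie_name, "missing:", ", ".join(missing) or "nothing")
```

Only the `auth` cookie in the sample carries all three attributes; the session cookie `JSESSIONID` lacks Secure and SameSite, which is exactly the kind of finding the later OWASP modules on session management classify as a weakness.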
Web Application Security
- Why web application security
- Understanding the difference between network and application security
- Introduction to WASC
- Introduction to the OWASP Top 10
Learning OWASP Vulnerabilities (concept + threat modeling + finding the vulnerability in a web application)
- XSS concepts
- SQL injection concepts
- Broken Authentication and Session Management
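The SQL injection item above is the one OWASP class that a single runnable snippet illustrates well. This is an added example, not course material: a constructed in-memory SQLite users table (the accounts and passwords are made up) queried first by a deliberately vulnerable login that concatenates user input into the SQL text, then by the parameterized fix. The injected password `x' OR '1'='1` turns the vulnerable WHERE clause into one that is true for every row, so an attacker with no account at all is logged in as the first user.

```python
"""SQL injection login bypass and its parameterized fix, on an in-memory SQLite DB.

Constructed sample data: the users table and credentials below are made up.
"""
import sqlite3


def make_db():
    """Create the demo database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately insecure: input is concatenated straight into the SQL text.

    With password = "x' OR '1'='1" the statement becomes
        ... WHERE username = 'nobody' AND password = 'x' OR '1'='1'
    and AND binds tighter than OR, so the clause is true for every row.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: values travel separately from the SQL text, so a quote
    in the input is compared as data and can never alter the statement."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable, bad creds :", login_vulnerable(db, "nobody", "wrong"))
    print("vulnerable, injected  :", login_vulnerable(db, "nobody", payload))
    print("safe, injected        :", login_safe(db, "nobody", payload))
    print("safe, real creds      :", login_safe(db, "bob", "hunter2"))
```

The same payload that bypasses `login_vulnerable` is simply a password string that matches no row in `login_safe`; parameterization, not escaping, is the fix the OWASP guidance recommends, and the example also shows why the syllabus pairs SQL injection with threat modeling: the trust boundary is the point where user input meets the query builder.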
Learning OWASP Vulnerabilities Continued
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
- Malicious file execution
- Improper error handling
Introduction to WebInspect
- Learn what WebInspect is
- Installation and licensing policy
- Understand how WebInspect works and what types of security issues it finds
- Overview of the tool
- Typical workflow
- Preparation required before using this tool
Introduction and Case Study
- Web Hacking Case Studies
- Business Risks from Application Vulnerabilities
Web 2.0 Security
- What is Web 2.0?
- AJAX Vulnerabilities
- What are Web Services?
- Web Services Vulnerabilities