
WEB APPLICATION SECURITY ASSESSMENT
Level: Intermediate | Duration: 3 days

Web applications have been listed among the top ten security issues for years. Web application assessment plays an important role in securing web applications from attacks. This course covers web application security and its technologies.

The course will examine web architectures from a penetration tester's perspective. Participants will learn the actual process of penetration testing, starting with the reconnaissance and mapping phases and ending with vulnerability discovery and exploitation.

Then, participants will identify and discuss ten (10) common web application vulnerabilities and recommendations, as well as related mitigations and testing strategies that include secure coding methods.

The course concludes by launching actual exploits against ten (10) common web application vulnerabilities found on testing applications. Participants are able to explore multiple exploit attacks.

Objectives
1. Understand the essential topics underlying web applications;
2. Understand and learn the vulnerabilities and threats faced;
3. Identify methods of exploiting these vulnerabilities;
4. Identify methods of protecting and mitigating these threats and attacks;
5. Identify secure coding practices to address these weaknesses;
6. Secure the web server in the organization infrastructure

Target Participants
1. Management, Administrator, IT Security personnel who are in charge of security in their organizations
2. Also applicable to individuals who want to learn about web application security and experience some hands-on penetration testing exercises
3. This training requires some experience and is not a programming class

Modules
Day 1: Principles of Web Application Security Assessment
1. Web Application Basic
2. Web Application Security Assessment Methodology
3. Reconnaissance & Mapping
4. Vulnerabilities Discovery
5. Exploitation

Day 2: Common Threats and Defend
6. SQL Injection & Blind SQL Injection
7. Cross Site Scripting (XSS)
8. Information Leakage and Improper Error Handling
9. Sensitive Data Exposure
10. Cross Site Request Forgery
11. Failure to Restrict URL Access
12. Remote File Include (RFI)
13. Broken Authentication & Session Management

Day 3: Web Application Cyber Attacks
14. SQL Injection & Blind SQL Injection
15. Cross Site Scripting (XSS)
16. Information Leakage and Improper Error Handling
17. Sensitive Data Exposure
18. Cross Site Request Forgery
19. Failure to Restrict URL Access
20. Remote File Include (RFI)
21. Broken Authentication & Session Management

For additional information, please visit www.cyberguru.my. You can also contact us at training@cybersecurity.my or call at 03 8800 7999

Corporate Office:
CyberSecurity Malaysia, Level 7, Tower 1, Menara Cyber Axis, Jalan Impact, 63000 Cyberjaya,
Selangor Darul Ehsan, Malaysia | Tel: +603 8800 7999 | Fax: +603 8008 7000
Email: info@cybersecurity.my | Customer Service Hotline: +61 300 88 2999 | www.cybersecurity.my
