Web application flaws can leave an organization and its customers vulnerable to attacks. Attacks lead to an array of losses for that organization, including the loss of trust from its customers.

Luckily, we’re here to help you gain knowledge of and protection against the “OWASP Top 10”.

What is OWASP Top 10?

In short, the “OWASP Top Ten Web Application Security Vulnerabilities” is a broad consensus about what the most critical web application security flaws are.

This powerful awareness document should be adopted within every organization to ensure that their web applications do not contain these flaws and to change the organization’s software development culture into one that produces safe code.

Our “OWASP Top 10” Training is a 3-day ethical hacking course, designed to give you the skills you need to undertake an application penetration test in order to ensure that valuable data and assets are effectively protected.

During this course, you will have access to a functional ASP.NET and PHP application, through which theory will be reinforced by way of practical exercises in order to demonstrate hacking techniques with defensive countermeasures always in mind.

This course will teach you:

  • A number of methodologies for undertaking a web application penetration test
  • How to exploit vulnerabilities to access data and functionalities
  • A range of defensive countermeasures as well as how to counter attacks

Through this course, you will:

  • Learn effective techniques to identify exploits and vulnerabilities
  • Improve your ability to respond effectively to cyber threats
  • Acquire the skills and understanding to reach the next stage in your career as a security professional

Attend this course if:

You have responsibilities or interests in the area of web application security.

This course is especially useful for:

  • System administrators
  • Software developers
  • Budding penetration testers

Syllabus

  • Proxies
  • The OWASP Top 10
  • Web application security auditing
  • Tools and their limitations
  • HTTP request and response modification
  • Logic flaws
  • Types
  • Databases overview – data storage, SQL
  • SQL injection – data theft, authentication bypass, stored procedures
  • Information leakage through errors
  • Blind SQL injection
  • Scenarios
  • Attacking authentication
  • Insecure Direct Object Reference
  • Direct vs indirect object references
  • Authorisation
  • Cross-site Request Forgery (CSRF)
  • Exploiting predictable requests
  • JavaScript
  • Email spoofing
  • Phishing
  • Reflected and Stored/Persistent XSS
  • Cookies, sessions and session hijacking
  • Scenarios
  • Information leakage through logs
  • Scenarios
  • Identifying sensitive data
  • Secure storage methods

Interested in any of our courses?

Leave us your name and email through the contact page, and we’ll notify you as soon as we set a date for the following session.