Mastering Web Security Testing ( 5 days )

Mastering Web Security Testing

India’s First 5-Day Hands-On Workshop On Web Security Testing

The best course available in the market. Compare to believe!
Comprehensive training on web security testing
40 hours of in-classroom workshop time, exclusive of lunch/tea breaks
Late evening extended time provided on request
Focus on strong fundamentals
Elaborate coverage of tools and their comparions
Focus on web security from testing perspective
40+ Hands-On Exercises
No assumptions about existing knowledge
Small batch size of 20 for more involved training.
Content developed over 3 years by the author.
Well received by testers as well as developers.

The attendees would be provided with the following:

Course material
TesterFox 0.1: A portable FireFox, bundled with 20+ security testing plugins, that I have developed for the attendees
Portable tools for mind mapping, text editing, text comparion
Portable web proxies
Portable Vulnerable app environment for practice
( Optional, separate charges ) Pre and post-assessment based on objective type of subjective type questions
( Optional, separate charges ) Post-training on-the-job support for applying the concepts

Concepts

The Changing Face of the Web
How It Was
How It is Now
Why Web technologies became so popular
A high level view of Browsers, HTML, JavaScript, XML etc.

Where are the security issues in a software
Basics of Encryption : Shared Key, Private Key, Hashing
The Basic CIA Triad
CIA Triad Extended: Security Attributes with Examples – Authentication, Authorization, Confidentiality, Integrity, Non-Repudiation/Accountability, Availability
Understanding basic web user operations w.r.t. security attributes
What is the goal of security attacks
Why the attacks on the Web have become popular
All Input is Malicious
Change of Context – Data to Code

Introduction to HTTP
Introduction to Web Proxies
How does a Web Proxy Work
How to use a Web Proxy using Browser Options and Plugins
HTTP Request Format
HTTP Response Format
HTTP Methods
HTTP Status Codes
HTTP Headers
The key differences between a GET and POST
Converting a GET into POST and vice versa
HTTP is stateless
Session Management
Session Tokens versus Session
Cookies
Hidden Variables

The Change in Mindset
Dealing with Software Requirements
Treating Security Bugs Differently
Exploration – The Basis of Security Testing
Ethics

Client-side restrictions – HTML / JavaScript
Cookies from Security Perspective
Encoding
Encoding versus Encryption
Encoding Schemes – URL Encoding, Base64 Encoding, Hex Encoding, HTML Encoding, Unicode Encoding
Session Management from Security Perspective
Authentication and Authorization from Security Perspective
HTML Parameters from Security Perspective
The Misplaced Trust on Client
Firewalls and Intrusion Detection/Prevention Systems
Load Balancers and their impact on security testing
Understanding Web Architecture

Introduction to Social Engineering
How is Social Engineering related to Web Security
Phishing
How Attackers Deliver Attacks using Social Engineering
SPAM and why what we are discussing is related and is different from common SPAM
How other vulnerable websites bring security challenge to your website
Malicious websites and attack delivery
Using Social engineering knowledge in bug Advocacy

Mapping an application from security perspective
Using Browser
Using Browser and Plugins
Using Browsers and Proxies as Spiders
What are the different areas of interest

Static Automated Vulnerability Scanning
Dynamic Automated Vulnerability Scanning
Automated Vulnerability Scanning versus Exploratory Security Testing
False Positives and False negatives
How WebScarab points to vulnerabilites
How Fiddler can help in identifying vulerabilities
Nikto
Commercial scanners

Vulnerability Lists ( Focus on OWASP )
Injection (Focus on SQL Injection and SMTP Injection )
Cross-Site Scripting
Authentication Flaws
Session Management Flaws
Authorization Flaws
Cross-Site Request Forgery
Insecure Configuration
Insecure Storage
Insecure Transmission
Redirection Flaws

Automating Web Security Testing using Proxy Options
Automating Web Security Testing using Python
Fuzzing – From Ground Up
Fuzzing in the context of Web Security
JBroFuzz
Fuzzing Tools and Frameworks in Python

Handling Input Attacks
Handling Attackers
Countermeasures for various web attacks
Secure Design Principles

Secure Development Lifecycle
Threat Modeling
Use and Abuse Cases
Data Flow Diagrams
Attack Trees
STRIDE Model
Risk Evaluation – DREAD
Handling Risks

Hands-On

The exercises are conducted using local vulnerable apps which have been designed and developed for the purpose. No public website is used for the exercises, as that would break the Ethics code.

Python
- A Crash course on Python language
- Focus on base syntax and functions
- Handling dictionaries
- String parsing using string methods and regex
HTML
- Creating Basic HTML Links
- Creating Basic HTML Forms
Using Web Proxies
- BurSuite, WebScarab, Fiddler
- Understanding how the request is handled at various stages -> browser, TCP, web server, web framework middle layer, web server ( and then DB server, web service etc. if applicable )
- Converting a GET into a POST request and vice versa
- Proxy for Web Spidering
- Proxy for Static Vulnerability Scanning
Using Browser Plugins
- Proxy Bar, Proxy Button
- Tamper Data
- SQLInject Me
- Access Me
- XSSMe
- HackBar
- Groundspeed
- FireBug / Web Developer
Encoding and Decoding
- URL Encoding
- Base64 Encoding
- Custom Encoding Schemes
- Various Tool Choices covered included CAL9000
Parameter Tampering
- Hidden Variables
- URLs
- Form Data
Breaking Authentication
- Brain-storming on various authentication flaws
- Forgot Password Exercises
Breaking Access Flaws
- Naming conventions from security perspective
- Thinking from the development angle
- Finding hidden directories and parameters
- Manipulating Direct Object References
Breaking Session Management
- Cookie Manipulation
SQL Injection
- Understanding SQL using MySQL Database
- Identifying database usage
- Imagining SQL based on the web application context
- String and Numeric SQL Injection
- Understanding when to use which form
- Understanding attack delivery for bug advocacy
- SQL Injection cheatsheet
SMTP Injection
- Understanding SMTP
- SMTP Injection Exercise
- Understanding Attack Delivery for Bug Advocacy
Cross-Site Scripting ( XSS )
- Hands-On JavaScript
- Retrieving cookies using JavaScript
- Reflected XSS
- Stored XSS
- Understanding Delivery mechanism of XSS
- Image source loading
- Relation to Social Engineering
Cross-Site Request Forgery ( XSRF )
- Understanding Saved Authentication Mechanisms
- Understanding Img source loading and IFRAMEs
- XSRF Exercise
Redirection attacks
- Understanding the Attack
- Relation to redirection to phishing and malicious websites
- Redirection manipulation exercise
Custom Web Security Test Automation and Fuzzing
- JBroFuzz
- Web client libraries in Python
- Automating a basic brute force parameter tampering attack using Python
Threat Modeling
- Abuse Cases
- Data Flow Diagrams for common scenarios
- Attack Trees

Want to Know More? Let’s Talk.

4 responses to “Mastering Web Security Testing ( 5 days )”

AAshish
May 14, 2012 at 11:19 am | Permalink | Reply

Hi Rahul Sir,

I would like to attend this workshop. I have 1 year of experience in software testing. Kindly share more details.

Best regards
Ashish
1. Rahul Verma
  May 14, 2012 at 2:44 pm | Permalink | Reply
  
  @Ashish,
  
  This one is meant for corporate trainings.
  
  Please check my upcoming 3-day web security testing workshop here: http://www.testingperspective.com/?p=2922
Pankaj Kale
July 25, 2012 at 4:40 pm | Permalink | Reply

May I get the details for the upcoming Public Workshop???
Rahul Verma
August 4, 2012 at 9:36 am | Permalink | Reply

@Pankaj,

The workshops are announced on a periodic basis. Please subscribe to the RSS feed of Testing Perspective and you’ll get updated.

Regards,
Rahul