Satish.B

Email:

satishb3@securitylearn.net

Web Application Security Course Overview

2 http://www.securitylearn.net

Course Content

History of web application

Introduction to web application architecture

Uniform Resource Locator (URL)

HTTP

Introduction

HTTP Methods

WEBDAV methods

Request/Response analysis

Security problems with http

HTTPS

Handshake protocol

Record protocol

Proxy

Man in the middle attack

Tools: Burp proxy, Paros proxy, web scarab

Encoding Techniques

URL Encoding

HTML Encoding

Unicode Encoding

Tools: Burp decoder

Profiling Application

Spiders, crawlers

Search engine discovery

Banner Grabbing

Robots.txt

Analysis of error codes

Tools: HttpPrint, netcraft

Attacking Authentication

Authentication Types

Brute force attacks

Analyzing Auto complete options

Insecure credential transmission

Session puzzle attacks

Authentication bypass techniques

Shoulder surfing

3 http://www.securitylearn.net

CAPTCHA Rebinding attacks

Countermeasures

Tools: Bruter, Burp Repeater, Burp Intruder

Attacking Authorization

Authorization types

Parameter tampering

Horizontal privilege escalation

Vertical privilege escalation

Referrer spoofing

Cryptography weakness

Symmetric cryptography

Asymmetric cryptography

Substitution cipher

Stream cipher

Block cipher

Steganography

SSL cipher testing

Cracking hashes

Padding oracle attack

Cracking ECB encryption

Tools: SSLDigger, MD5 crack

Attacking Session management

Introduction

Secure flag

HTTPOnly flag

Cookie Domain & Path

Session Token analysis

Session fixation

Cookie transmission mechanisms

Tools: Burp sequencer

Timeout issues

Cross site scripting attacks

Same origin policy

Reflective XSS

Stored XSS

DOM based XSS

Anatomy of XSS

Exploitation

Impact of XSS

XSS Shell

4 http://www.securitylearn.net

XSS & Metasploit

Black list/White list

Input validation

Output encoding

Remediation

Tools: Beef

SQL injection

Error based SQLi

Blind SQLi

SQLi exploitation

Data extraction with UNION queries

Data extraction with inference techniques

Command execution with SQLi

Impact of SQLi

Remediation

Stored procedures Vs Parameterized queries

Tools: SQLMap, Absinthe

Cross site request forgery

Anatomy of CSRF

Remediation

CAPTCHA Rebinding attack

Tool: CSRFTester

URL Redirection attacks

Phishing attacks

Remediation

HTTP Response splitting

Cache positioning

Command execution

Input validation attacks

File Uploads

Path traversal attacks

Local file inclusions

Remote file inclusions

Command Execution

Remediation Techniques

Server Configuration issues

WEBDAV methods

Caching vulnerabilities

Directory listing

5 http://www.securitylearn.net

Attacking Web Server

Denial of service attacks

Buffer over flows

Remediation

OWASP Top10 web application risks

Scanners

Usage of tools

Pros, Cons & Problems with scanners

IBM- AppScan

HP- WebInspect

Risk Assessment

OWASP Risk Rating methodology

Pentest Reports

Executive reports

Detailed reports

Web Application Security Checklist

Contact

Satish B

Email: satishb3@securitylearn.net

satishb3@hotmail.com