Global

Proactive Web Defense

3 Days | Face to Face

Exploit the vulnerabilities of a web application – as if you were behind the screen of an attacker.

The exploitation of a single security flaw in a web application can easily lead to a fully-fledged security breach. This course uses step-by-step tutorials and practical exercises to give participants a tangible and thorough understanding of the modern offensive mindset and its capabilities. The focus is on providing guidance on secure coding best practice and defensive programming strategies to make web applications more robust and resilient to attacks.

  • Practical, exercise-driven, and business-focused
  • Written and delivered by our consultants – experienced cyber security professionals, responsible for delivering web security assessments, daily
  • Focused on the offensive techniques and capabilities of modern attackers, and how to defend against them
  • Free reign to exploit a realistic web application with the latest tooling and techniques
  • Teaches how to introduce security into the development life-cycle in a practical manner
  • Covers: secure coding principles, design and source code reviews, and vulnerability assessment tools
Who should attend?

This course is designed for individuals responsible for web development, but it’s just as suitable for technical project managers. Content caters for beginners with limited or no security knowledge, with a gradual progression to advanced topics. 

  • Can build a dynamic web application that can communicate with a database
  • Has a basic understanding of relational databases and SQL
  • Can read basic JavaScript (even if you can’t write it)
  • Understands the basic principles of web servers and HTTP
Course highlights
  • Identify, exploit, and remediate all the common web application security flaws over and above the OWASP Top Ten
  • Build secure web applications that withstand advanced attacks
  • Learn how hackers attack web applications, web servers and database servers
  • Deploy secure web and database servers that can withstand an attack
  • Build a development team with the most up-to-date and effective secure coding practices at their disposal
The business case

From your team to the board, everyone needs results, which is why our courses come with their own individual business case.

This 3-day Proactive Web Defense course will:

  • Strengthen your web-based applications’ resilience to cyber attacks, including the most advanced threats
  • Kick-start a reputation of cyber security excellence to improve relationships with third parties and prospective employees
  • Improve your adherence to GDPR regulations
  • Reduce the time and cost of remediating vulnerabilities by increasing your organization’s defensive and offensive cyber security capabilities
  • Create positive awareness of – and conventions towards – cyber security standards within the development team and beyond
  • Help you fulfil secure coding requirements for PCI DSS
Show your interest

Please enter your details below. We’ll be in touch to find out your requirements as soon as possible:

Syllabus

Foundation

  • Hackers: Culture and Motives
  • A History of Hacking
  • Firewalls Pitfalls
  • The CIA Triad
  • HTTP Protocol Refresher

Client-Side Attacks

  • Cross-Site Scripting (XSS)
  • Advanced XSS Attacks
  • Output Encoding
  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Redirects
  • Clickjacking Attacks

Injection Attacks

  • SQL Injection for Authentication Bypass and Data Extraction
  • XML Injection
  • LDAP Injection
  • XPath Injection
  • CRLF Injection
  • SMTP Injection
  • OS Command Injection
  • XML eXternal Entity Processing (XXE)
  • XML Denial of Service

Authentication & Authorization

  • Authentication Issues
  • Username Enumeration
  • Brute Force Attacks
  • Account Lockout
  • Multi-Factor Authentication
  • Forgotten Password Functionality
  • Session Hijacking
  • Session Fixation
  • Authorization Issues

Infrastructure-Level Attacks

  • Directory Traversal
  • Insecure File Upload
  • LFI and RFI
  • Web Server Hardening
  • Buffer Overflows
  • Dangerous HTTP Methods
  • Database Server Hardening
  • Attacking the Database Server

Encryption & Data Storage

  • Fundamentals of Encryption
  • Common Encryption Flaws
  • Secure Socket Layer (SSL)
  • Stored Data
  • Cracking Password Hashes
  • Data Leakage

HTML 5

  • XSS Filter Considerations
  • Cross-Origin Resource Sharing
  • Cross-Window Messaging
  • Web Local Storage

Integrating Security

  • Current State of the Industry
  • Secure Software Development Lifecycle
  • Security Requirements
  • Security Coding Standards
  • Conducting a Design Review
  • Conducting a Code Review
  • Vulnerability Scanning Tools
  • Penetration Testing
  • Logs and Alerts
  • Vulnerability Management
Accreditations & Certificates
DNV GL

F-Secure Consulting (F-Secure Cyber Security (Pty) Ltd) is a level 4 contributor to B-BBEE with a procurement recognition level of 100%. Learn more and download our B-BBEE certificate. Click here to read the press release.

Follow us
@fsecure_consult F-Secure-Consulting f-secure-foundry fsecurelabs