Learn to defend by learning the hacker mindset

The Application Security Training is a 3-hour training intended for those who are interested in making a career in the information security domain. It involves real-world scenarios that every security professional must be well versed in, including decompiling, real-time analysis and testing of applications from a security standpoint.

This training covers understanding the internals of web and mobile web applications, real-time testing of web applications and Android applications, and a strategic approach to analyzing applications for OWASP Top 10 (web) security issues such as injections, cross-site scripting (XSS), CSRF attacks, insecure APIs, insecure logging, insecure communication, insufficient cryptography, insecure authentication, poor code quality and many more.

This workshop was presented at TestJS Summit 2021.

FAQ

Web app end testing involves evaluating the complete workflow of a web application to ensure it functions as expected from start to finish.

The speaker is a security relations leader at Snyk and a global board of directors member at OWASP. They are also a speaker trainer at Defcon and Black Hat and have spoken at various conferences.

OWASP stands for Open Web Application Security Project. It is a global security community focused on improving the security of software through community-led open-source software projects.

The three components of the CIA triad are Confidentiality, Integrity, and Availability.

Input validation is important to prevent attacks like SQL injection and cross-site scripting (XSS), which can manipulate or exploit the application by entering malicious inputs.

Broken access control can allow unauthorized users to access sensitive information or functionalities, leading to privacy breaches and potential data leaks.

Some common methods used in HTTP requests are GET, POST, PUT, DELETE, and OPTIONS.

Using outdated components can introduce vulnerabilities into the application, as these components may have known security flaws that can be exploited by attackers.

Secure design is crucial in application development to prevent potential security flaws and ensure the application can resist attacks and function securely.

Server-side request forgery (SSRF) is an attack that tricks a server into making unauthorized requests, potentially leading to the exposure of sensitive information or internal network scanning.

Vandana Verma
105 min
23 Nov, 2021

Video Summary and Transcription

Today's workshop covered a range of topics related to web application security. It emphasized the importance of understanding and addressing security in everyday activities. The workshop discussed various vulnerabilities and techniques for exploiting them, including SQL injection and cross-site scripting. It also highlighted the significance of secure design, proper authentication and session management, and the detection of breaches. Resources such as the OWASP Top 10 and the Security Knowledge Framework were recommended for further learning.