Duration: 2 days
Price excluding VAT (+ 24% VAT): 1 550 €
Payment options:
Koulutuskortti (training card)

Would you like this training tailored to your organization? Leave your contact details and we will get back to you.


Web application security

A language-agnostic 2-day Web application security course for the Tieturi Bootcamp.

Contents:

Day 1

Security basics

What is security?

Threat and risk

Types of threats against computer systems

Consequences of insecure software

Constraints and the market

The dark side

Categorization of bugs

  • Seven pernicious kingdoms
  • Common Weakness Enumeration (CWE)
  • CWE/SANS Top 25 Most Dangerous Software Errors
  • Vulnerabilities in the environment and the dependencies

The OWASP Top Ten

A1 - Injection

  • Injection principles
  • Injection attacks
  • SQL injection
    • SQL injection basics
    • Lab – SQL injection
    • Attack techniques
    • Content-based blind SQL injection
    • Time-based blind SQL injection
  • SQL injection best practices
    • Input validation
    • Output encoding
    • Parameterized queries
    • Other best practices
  • Lab – Using prepared statements
  • Case study – Hacking Fortnite accounts
  • Code injection
  • Command injection
    • Lab – Command injection
    • Command injection best practices
    • Lab – Command injection best practices
    • Case study – Command injection
  • Injection best practices
    • Input validation
    • Output sanitization
      • Encoding and escaping the output
      • Encoding challenges
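
Added example (not part of the course material): the A1 topics above, in one runnable Python script against an in-memory SQLite database. It shows a login query built by string formatting, the classic quote-and-comment authentication bypass against it, content-based blind extraction of a stored hash through the same flaw one yes/no answer at a time, and the parameterized query that closes the hole. The table, users, and passwords are constructed sample data; plain SHA-256 is used only to keep the demo short and is not a password-storage recommendation.

```python
"""Added example, not from the course: SQL injection through string formatting,
content-based blind extraction through the same flaw, and the parameterized fix.
Runs against an in-memory SQLite database; the users and passwords are constructed
sample data."""
import hashlib
import sqlite3

# Constructed sample credentials (plain SHA-256 keeps the demo short; real
# password storage needs a salted, adaptive hash).
ALICE_HASH = hashlib.sha256(b"correct horse").hexdigest()
BOB_HASH = hashlib.sha256(b"hunter2").hexdigest()


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", ALICE_HASH), ("bob", BOB_HASH)])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: user input is pasted into the SQL text, so a quote in the
    username changes the structure of the statement."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password_hash = '{pw_hash}'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fixed: the statement is constant text and the values travel as bound
    parameters, so a quote in the username is just a character in a string."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, pw_hash)).fetchone() is not None


# Closes the quoted string, adds an always-true clause, comments out the rest.
AUTH_BYPASS = "alice' OR '1'='1' --"


def blind_extract_prefix(conn: sqlite3.Connection, n: int) -> str:
    """Content-based blind SQL injection: the login only answers yes/no, but
    that one bit recovers alice's stored hash one hex digit at a time."""
    recovered = ""
    for pos in range(1, n + 1):
        for digit in "0123456789abcdef":
            probe = f"alice' AND substr(password_hash,{pos},1)='{digit}' --"
            if login_vulnerable(conn, probe, "anything"):
                recovered += digit
                break
    return recovered


def demo() -> dict:
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "legit_parameterized": login_parameterized(conn, "alice", "correct horse"),
        "bypass_vulnerable": login_vulnerable(conn, AUTH_BYPASS, "wrong"),
        "bypass_parameterized": login_parameterized(conn, AUTH_BYPASS, "wrong"),
        "leaked_hash_prefix": blind_extract_prefix(conn, 8),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The bypass works because the driver executes whatever text it is handed; the blind variant needs no error message or data in the response, only the difference between a successful and a failed login, which is why "no output" is not a defence. Parameterization fixes both, and input validation on the username (allow-list of characters) is a second layer, not a replacement.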

A2 - Broken Authentication

  • Authentication basics
  • Authentication weaknesses
  • Spoofing on the Web
  • Case study – PayPal two factor authentication bypass
  • User interface best practices
  • Password management
    • Inbound password management
      • Storing account passwords
      • Lab – Why just hashing passwords is not enough
      • Dictionary attacks and brute forcing
      • Salting
      • Adaptive hash functions for password storage
      • Password in transit
      • Password policy
      • Weak and strong passwords
      • Using passphrases
      • The Ashley Madison data breach
      • The dictionary attack
      • The ultimate crack
      • Exploitation of the results and the lessons learnt
    • Outbound password management
      • Hard coded passwords
      • Lab – Hardcoded password
      • Password in configuration file
    • Protecting sensitive information in memory
      • Challenges in protecting memory
  • Session management
    • Session management essentials
    • Why do we protect session IDs – Session hijacking
    • Session ID best practices
    • Insufficient session expiration
    • Session fixation
  • Cross-site Request Forgery (CSRF)
    • Lab – Cross-site Request Forgery
    • CSRF best practices
    • Lab – CSRF protection with tokens
  • Cookie security
    • Cookie security best practices
    • Cookie parameters
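
Added example (not part of the course material): the inbound password management topics above in runnable Python. It contrasts an unsalted SHA-256 digest, which exposes password reuse and falls to a precomputed table in one lookup, with salted PBKDF2-HMAC-SHA256 from the standard library, verified with a constant-time comparison. The user records, passwords and wordlist are constructed sample data; the iteration count is the OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256, lowered inside the demo only to keep it fast.

```python
"""Added example, not from the course: why a bare hash of the password is not
enough, and salted adaptive hashing with PBKDF2-HMAC-SHA256 from the standard
library. The user records and wordlist are constructed sample data."""
import hashlib
import hmac
import os
from typing import Dict, Iterable

# OWASP Password Storage Cheat Sheet recommendation for PBKDF2-HMAC-SHA256;
# raise it as hardware gets faster.
ITERATIONS = 600_000


def naive_hash(password: str) -> str:
    """Unsalted, fast hash: identical passwords give identical digests and one
    precomputed table breaks every record in the database."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, slow hash. Salt and iteration count are stored beside the digest
    so the work factor can be raised later without knowing the password."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison: a plain == on the hex strings leaks timing.
    return hmac.compare_digest(dk.hex(), dk_hex)


def table_attack(leaked: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Dictionary attack on unsalted hashes: hash the wordlist once, then every
    leaked record costs a single dictionary lookup."""
    table = {naive_hash(w): w for w in wordlist}
    return {user: table[h] for user, h in leaked.items() if h in table}


def demo() -> dict:
    wordlist = ["password", "hunter2", "letmein", "qwerty"]        # constructed
    users = {"alice": "hunter2", "bob": "hunter2", "carol": "Tr0ub4dor&3"}
    naive_db = {u: naive_hash(p) for u, p in users.items()}
    # 10_000 iterations here only to keep the demo quick; use ITERATIONS in production.
    salted_db = {u: hash_password(p, iterations=10_000) for u, p in users.items()}
    return {
        "naive_reuse_visible": naive_db["alice"] == naive_db["bob"],
        "salted_reuse_visible": salted_db["alice"] == salted_db["bob"],
        "cracked_from_naive": table_attack(naive_db, wordlist),
        "verify_ok": verify_password("hunter2", salted_db["alice"]),
        "verify_wrong": verify_password("hunter3", salted_db["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With salts the attacker must run the slow function once per candidate per user, which is what turns a one-time table into per-account work; the iteration count is the knob that sets how expensive that work is.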

A3 - Sensitive Data Exposure

  • Information exposure
  • Exposure through extracted data and aggregation
  • System information leakage
    • Leaking system information
  • Information exposure best practices

 

Day 2

The OWASP Top Ten

A4 - XML External Entities (XXE)

  • DTD and the entities
  • Entity expansion
  • External Entity Attack (XXE)
    • File inclusion with external entities
    • Server-side request forgery with external entities
    • Lab – External entity attack
    • Case study – XXE vulnerability in SAP Store

A5 - Broken Access Control

  • Access control basics
  • Missing or improper authorization
  • Failure to restrict URL access
  • Confused deputy
    • Insecure direct object reference (IDOR)
    • Lab – Insecure Direct Object Reference
    • Authorization bypass through user-controlled keys
    • Case study – Authorization bypass on Facebook
  • File upload
    • Unrestricted file upload
    • Best practices
    • Lab – Unrestricted file upload

A6 - Security Misconfiguration

  • Configuration principles
  • Server misconfiguration
  • Configuration management

A7 - Cross-site Scripting (XSS)

  • Cross-site scripting basics
  • Cross-site scripting types
    • Persistent cross-site scripting
    • Reflected cross-site scripting
    • Client-side (DOM-based) cross-site scripting
    • Case study – XSS in Fortnite accounts
    • Lab – Reflected and stored XSS
  • XSS protection best practices
    • Protection principles - escaping
    • Additional protection layers
    • Client-side protection principles

A8 - Insecure Deserialization

  • Serialization and deserialization challenges
  • Deserializing untrusted streams
  • Deserializing best practices
  • Property Oriented Programming (POP)
    • POP best practices

A9 - Using Components with Known Vulnerabilities

  • Using vulnerable components
  • Assessing the environment
  • Hardening
  • Importing functionality from untrusted sources
  • Importing 3rd party JavaScripts
  • Case study – The British Airways data breach
  • Vulnerability management
    • Patch management
    • Vulnerability databases and scanning tools
    • Vulnerability rating – CVSS
    • Lab – Finding vulnerabilities of used components
    • The build process and CI / CD

A10 - Insufficient Logging & Monitoring

  • Logging and monitoring principles
  • Logging
    • Insufficient logging
    • Plaintext passwords at Facebook
  • Logging best practices
  • Monitoring
    • Monitoring best practices

Web application security beyond the Top Ten

  • Client-side security
  • Same Origin Policy
    • Relaxing the Same Origin Policy
    • Relaxing with Cross-Origin Resource Sharing (CORS)
    • Simple request
    • Preflight request
    • Tabnabbing
  • Frame sandboxing
    • Cross-Frame Scripting (XFS) attack
    • Clickjacking beyond hijacking a click
    • Lab - Clickjacking
    • Clickjacking protection best practices

Denial of service

  • Denial of Service
  • Resource exhaustion
  • Cash overflow
  • Flooding
  • Sustained client engagement
  • Infinite loop
  • Lab – Resource exhaustion
  • Amplification
    • Network amplification
    • Amplification in databases
    • Other amplification examples
  • Algorithm complexity issues
    • Regular expression denial of service (ReDoS)
    • Hashtable collision
      • How hashtables work
      • Hash collision in case of hashtables
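
Added example (not part of the course material): the hashtable collision topic above as runnable Python. A small chained hash table is filled with attacker-chosen keys under two hash functions: an unkeyed polynomial string hash (the Java String.hashCode recurrence, for which "Aa" and "BB" collide, so any concatenation of those blocks collides too) and a keyed BLAKE2b hash with a per-process secret. The first degrades to one chain and quadratic work; the second spreads the same keys normally. The keys and bucket count are constructed for the demo.

```python
"""Added example, not from the course: algorithmic-complexity DoS through hash
collisions. A chained hash table using an unkeyed polynomial hash (Java's
String.hashCode recurrence) degrades to a single long chain on attacker-chosen
keys; a keyed hash with a per-process secret does not. Keys are constructed."""
import hashlib
import itertools
import os
from typing import Callable, List, Optional, Tuple

SECRET = os.urandom(16)  # per-process key, unknown to the attacker


def weak_hash(s: str) -> int:
    """Java-style string hash: h = 31*h + c, truncated to 32 bits. Public and
    deterministic, so collisions can be computed offline."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h


def keyed_hash(s: str) -> int:
    """Keyed hash: without SECRET the attacker cannot predict bucket placement."""
    digest = hashlib.blake2b(s.encode(), digest_size=8, key=SECRET).digest()
    return int.from_bytes(digest, "big")


def colliding_keys(n: int) -> List[str]:
    """'Aa' and 'BB' both hash to 2112 under weak_hash; concatenating n such
    blocks yields 2**n distinct keys with one hash value."""
    return ["".join(p) for p in itertools.product(("Aa", "BB"), repeat=n)]


class ChainedTable:
    def __init__(self, hash_fn: Callable[[str], int], nbuckets: int = 1024):
        self.hash_fn = hash_fn
        self.buckets: List[List[Tuple[str, object]]] = [[] for _ in range(nbuckets)]
        self.probes = 0  # key comparisons performed, a proxy for CPU time

    def _bucket(self, key: str) -> List[Tuple[str, object]]:
        return self.buckets[self.hash_fn(key) % len(self.buckets)]

    def insert(self, key: str, value: object) -> None:
        bucket = self._bucket(key)
        for i, (k, _) in enumerate(bucket):
            self.probes += 1
            if k == key:
                bucket[i] = (key, value)
                return
        bucket.append((key, value))

    def get(self, key: str) -> Optional[object]:
        for k, v in self._bucket(key):
            self.probes += 1
            if k == key:
                return v
        return None

    def longest_chain(self) -> int:
        return max(len(b) for b in self.buckets)


def fill(hash_fn: Callable[[str], int], keys: List[str]) -> ChainedTable:
    table = ChainedTable(hash_fn)
    for i, k in enumerate(keys):
        table.insert(k, i)
    return table


def demo(n: int = 10) -> dict:
    keys = colliding_keys(n)  # 2**10 = 1024 keys, e.g. form field names
    weak, keyed = fill(weak_hash, keys), fill(keyed_hash, keys)
    return {
        "keys": len(keys),
        "weak_longest_chain": weak.longest_chain(),   # every key in one bucket
        "weak_probes": weak.probes,                   # 1024*1023/2 comparisons
        "keyed_longest_chain": keyed.longest_chain(),
        "keyed_probes": keyed.probes,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

This is the pattern behind the 2011 web-framework hash-flooding advisories: a request with a few thousand crafted parameter names costs the server quadratic time to parse. Modern runtimes randomize or key their string hashes for this reason; limiting the number of request parameters is the complementary defence.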

Wrap up

Secure coding principles

  • Principles of robust programming by Matt Bishop
  • Secure design principles of Saltzer and Schroeder
  • Some more principles

And now what?

  • Further sources and readings