Security for Developers - an Offensive Approach
If you want to develop "out-of-the-box" thinking about secure web coding and see security from an offensive perspective, you are in the right place.
The course is based on the training delivered at OWASP App Sec 2021
Who it is intended for:
- Developers, Dev(Sec)Ops and software architects mostly
- Also useful for system administrators, technical managers and CISOs
- Ethical Hackers, Penetration Testers, Bug Bounty Fans
Objectives
- Develop "out-of-the-box" thinking
- See security from an offensive perspective
- Learn security best practices and both common and less common attacks
- Learn to defend your applications and infrastructure
Topics
- Overview of Web Penetration Testing
- OWASP Top Ten Web Vulnerabilities
- API Top Ten vulnerabilities
- HTTP Security Headers
- JSON Web Tokens
- Technical measures and best practices
- Cryptography
Overview of Web Penetration Testing
- Core problems
- Web Technologies basics
- Security Audit vs Vulnerability Assessment vs Pentest
- Information Gathering
- Scanning and Enumeration
- Mapping the target surface
- Attacking Users: Cross-Site Scripting
- Attacking the Server
- Attacking Authentication
- Attacking Data Stores
Top 10 API Security Vulnerabilities
- API Vulnerabilities
- Examples of vulnerabilities found in publicly accessible applications
OWASP Top Ten Web Vulnerabilities
- OWASP Top 10 - 2013
- A1 – Injection
- A2 – Broken Authentication and Session Management
- A3 – Cross-Site Scripting (XSS)
- A4 – Insecure Direct Object References
- A5 – Security Misconfiguration
- A6 – Sensitive Data Exposure
- A7 – Missing Function Level Access Control
- A8 – Cross-Site Request Forgery (CSRF)
- A9 – Using Components with Known Vulnerabilities
- A10 – Unvalidated Redirects and Forwards
- New additions in OWASP Top 10 - 2017
- A4 – XML External Entities (XXE)
- A5 – Broken Access Control
- A8 – Insecure Deserialization
- A10 – Insufficient Logging & Monitoring
- New additions in OWASP Top 10 - 2021: A04 Insecure Design, A08 Software and Data Integrity Failures, A10 Server-Side Request Forgery (SSRF)
- Common Vulnerabilities: XSS, SQL Injection, CSRF, XXE, LFI
HTTP Security Headers
- Understand HTTP security headers and their role
- HSTS - Strict-Transport-Security
- CSP - Content-Security-Policy
- CORS
- X-Frame-Options
- X-XSS-Protection (legacy header, deprecated in favour of CSP)
- X-Content-Type-Options
- Referrer-Policy
- Cookie flags: HttpOnly, Secure
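The header set above, turned into a small audit as an added example (this is not course material): the function below checks a response's headers and Set-Cookie lines against a hardened baseline and reports what is missing or weak. It shows why X-XSS-Protection is set to 0 rather than 1 now that browsers have removed the auditor, that framing protection can come from either CSP frame-ancestors or X-Frame-Options, and that a wildcard CORS origin combined with credentials is a misconfiguration. The baseline values, the sample responses and the cookie names are constructed for illustration; CSP and CORS values always need tuning per application.

```python
"""Added example (not course material): audit an HTTP response's security
headers and cookie flags for the weaknesses covered in this module."""
from typing import Dict, Iterable, List

# Baseline a practitioner would expect on a same-origin web application.
# Illustrative values; CSP and CORS must be tuned per application.
HARDENED_HEADERS: Dict[str, str] = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; object-src 'none'; "
                               "frame-ancestors 'none'; base-uri 'self'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    # Major browsers removed the XSS auditor; "0" disables the legacy filter
    # (which had side channels of its own) and leaves CSP to do the real work.
    "X-XSS-Protection": "0",
}

MIN_HSTS_MAX_AGE = 180 * 24 * 3600  # six months; preload lists want a full year


def hsts_max_age(value: str) -> int:
    """Return max-age from an HSTS header value, 0 if absent or malformed."""
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and val.strip().isdigit():
            return int(val.strip())
    return 0


def cookie_attributes(set_cookie: str) -> Dict[str, str]:
    """Parse 'name=value; Attr; Attr=val' into lower-cased attribute names."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {"__name__": parts[0].partition("=")[0].strip()}
    for part in parts[1:]:
        name, _, val = part.partition("=")
        attrs[name.strip().lower()] = val.strip()
    return attrs


def audit_response(headers: Dict[str, str], set_cookies: Iterable[str] = ()) -> List[str]:
    """Return findings; an empty list means the response meets the baseline."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    elif hsts_max_age(hsts) < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age shorter than 180 days")

    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("CSP missing")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP permits 'unsafe-inline' or 'unsafe-eval'")

    # Clickjacking: CSP frame-ancestors or X-Frame-Options must restrict framing.
    xfo = h.get("x-frame-options", "").strip().upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no framing restriction (CSP frame-ancestors or X-Frame-Options)")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    if h.get("referrer-policy", "").strip().lower() in ("", "unsafe-url", "no-referrer-when-downgrade"):
        findings.append("Referrer-Policy missing or leaks full URLs cross-origin")

    # Browsers reject '*' with credentials, so seeing both usually means the
    # server reflects arbitrary origins elsewhere: flag it.
    if (h.get("access-control-allow-origin", "").strip() == "*"
            and h.get("access-control-allow-credentials", "").strip().lower() == "true"):
        findings.append("CORS wildcard origin combined with credentials")

    for raw in set_cookies:
        attrs = cookie_attributes(raw)
        name = attrs["__name__"]
        if "httponly" not in attrs:
            findings.append(f"cookie {name!r} lacks HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} lacks Secure")
    return findings


# Constructed sample responses, not captured from any real site.
WEAK_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "X-XSS-Protection": "1; mode=block",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
}
WEAK_COOKIES = ["session=c2Vzc2lvbg; Path=/"]
HARDENED_COOKIES = ["session=c2Vzc2lvbg; Path=/; Secure; HttpOnly; SameSite=Lax"]
```

Running `audit_response(WEAK_RESPONSE, WEAK_COOKIES)` yields eight findings (missing HSTS, CSP, framing restriction, nosniff and Referrer-Policy, the CORS combination, and both cookie flags), while `audit_response(HARDENED_HEADERS, HARDENED_COOKIES)` yields none. Header names are matched case-insensitively because HTTP header names are.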
JSON Web Tokens
- Understanding JSON Web Tokens
- Token Structure
- When can you use JWT
- Issues
- What is JWT good for?
- Best Practices for JSON Web Tokens
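As an added example (not course material), a standard-library-only HS256 issuer and verifier that shows the checks behind the "Issues" and "Best Practices" items above: the verifier pins the algorithm instead of trusting the token's own alg header, which is what defeats alg: none and HS256/RS256 key-confusion tokens; it compares the MAC in constant time and refuses tokens without an exp or past it. The key, claims and timestamps are constructed demo values, and the forge_alg_none and tamper_payload helpers exist only to show what the verifier must reject.

```python
"""Added example (not course material): minimal HS256 JWT issue/verify with
the algorithm pinned server-side, constant-time MAC comparison and exp check."""
import base64
import hashlib
import hmac
import json
from typing import Any, Dict


class InvalidToken(Exception):
    """Raised for any token that must not be accepted."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: Dict[str, Any]) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def issue_hs256(claims: Dict[str, Any], key: bytes) -> str:
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(claims)}"
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(mac)}"


def verify_hs256(token: str, key: bytes, now: float) -> Dict[str, Any]:
    """Return the claims only if the token is valid for this service."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("token must have exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError as exc:  # covers base64, UTF-8 and JSON errors
        raise InvalidToken("header is not valid base64url JSON") from exc
    # The algorithm is fixed by the verifier, never chosen by the token.
    # This single check stops 'alg: none' and HS256/RS256 confusion attacks.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("unexpected or missing alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    try:
        presented = b64url_decode(sig_b64)
    except ValueError as exc:
        raise InvalidToken("signature is not valid base64url") from exc
    if not hmac.compare_digest(expected, presented):  # constant-time compare
        raise InvalidToken("signature mismatch")
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise InvalidToken("payload is not valid base64url JSON") from exc
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        raise InvalidToken("token has no exp or has expired")
    return claims


def forge_alg_none(new_claims: Dict[str, Any]) -> str:
    """The classic 'alg: none' attack token: chosen claims, empty signature."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(new_claims)}."


def tamper_payload(token: str, new_claims: Dict[str, Any]) -> str:
    """Swap the payload but keep the original signature; must fail the MAC check."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{_segment(new_claims)}.{sig_b64}"


def rejects(token: str, key: bytes, now: float) -> bool:
    """True if verify_hs256 refuses the token."""
    try:
        verify_hs256(token, key, now)
    except InvalidToken:
        return True
    return False


# Constructed demo values.
DEMO_KEY = b"constructed-demo-key-not-for-production"
DEMO_CLAIMS = {"sub": "alice", "role": "user", "exp": 1_700_003_600}
DEMO_NOW = 1_700_000_000.0
```

Passing `now` explicitly keeps the verifier deterministic and testable; in production pass `time.time()`. The same shape applies to asymmetric algorithms: the verifier decides which algorithm and which key it will accept, and the token header is only checked against that decision.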
Technical measures and best practices
- Input Validation
- Encoding
- Bind Parameters for Database Queries
- Protect Data in Transit
- Hash and Salt Your Users' Passwords
- Encrypt Data at Rest
- Logging - Best practices
- Authenticate Users Safely
- Protect User Sessions
- Authorize Actions
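Two of the measures above, binding parameters for database queries and hashing and salting passwords, in working form, alongside the string-built query that the data-store attacks in the overview module exploit. This is an added example, not course code: it uses Python's standard sqlite3 and hashlib modules with an in-memory database, and the usernames, passwords and injection payload are constructed. The deliberately vulnerable method is kept only to show the contrast.

```python
"""Added example (not course material): bound SQL parameters and salted
PBKDF2-HMAC-SHA256 password storage, with a string-built query for contrast."""
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # OWASP's 2023 minimum for PBKDF2-HMAC-SHA256


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.

    A fresh 16-byte random salt per user defeats precomputed tables and makes
    identical passwords hash differently; storing the work factor lets it be
    raised later and old records re-hashed on next successful login."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so a partial match cannot be timed.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


# Verified for unknown usernames so "no such user" and "wrong password" take
# the same time; otherwise response timing reveals which usernames exist.
_DUMMY_HASH = hash_password("constructed-dummy-password")


class UserStore:
    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)"
        )

    def register(self, username: str, password: str) -> None:
        # '?' placeholders: the driver sends values separately from the SQL
        # text, so a quote in the username can never alter the statement.
        self.db.execute(
            "INSERT INTO users (username, password_hash) VALUES (?, ?)",
            (username, hash_password(password)),
        )

    def authenticate(self, username: str, password: str) -> bool:
        row = self.db.execute(
            "SELECT password_hash FROM users WHERE username = ?", (username,)
        ).fetchone()
        if row is None:
            verify_password(password, _DUMMY_HASH)
            return False
        return verify_password(password, row[0])

    def count_matching_unsafe(self, username: str) -> int:
        """Deliberately vulnerable string-built query, kept only to show what
        binding prevents. Never write this."""
        query = f"SELECT COUNT(*) FROM users WHERE username = '{username}'"
        return self.db.execute(query).fetchone()[0]

    def count_matching_safe(self, username: str) -> int:
        return self.db.execute(
            "SELECT COUNT(*) FROM users WHERE username = ?", (username,)
        ).fetchone()[0]


def demo() -> dict:
    """Constructed walk-through; returns the observations for inspection."""
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    store.register("bob", "hunter2")
    payload = "' OR '1'='1"  # constructed injection payload
    return {
        "alice_ok": store.authenticate("alice", "correct horse battery staple"),
        "alice_wrong": store.authenticate("alice", "Correct horse battery staple"),
        "unknown_user": store.authenticate("mallory", "anything"),
        "unsafe_rows": store.count_matching_unsafe(payload),  # every row matches
        "safe_rows": store.count_matching_safe(payload),      # treated as a literal
    }
```

With the payload `' OR '1'='1`, the string-built query becomes `WHERE username = '' OR '1'='1'` and counts every user, while the bound version looks for a user literally named `' OR '1'='1` and finds none. PBKDF2 is used because it is in every Python build; where available, scrypt, bcrypt or Argon2id are preferable for the same purpose.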
Cryptography
- Cryptographic concepts
- Algorithms
- Cryptography and cryptanalysis tools
- Cryptography attacks
Course Curriculum
0. Agenda
1. Overview of Web Penetration Testing
- 1.1. Overview of Web Penetration Testing (10:46)
- 1.2. Information Gathering part 1 (10:46)
- 1.2. Information Gathering part 2 (10:36)
- 1.2. Information Gathering part 3 (6:03)
- 1.3. Scanning and Enumeration (3:20)
- 1.4. Mapping (9:42)
- 1.5. Attacking the Users - Reflected XSS (10:28)
- 1.6. Attacking the Users - Stored XSS (15:28)
- 1.7. Attacking the Users - CSRF, Clickjacking, Open Redirect (11:56)
- 1.8. Attacking the Server - OS Command Injection (8:27)
- 1.9. Attacking the Server - SMTP Injection (3:48)
- 1.10. Attacking Authentication (8:32)
- 1.11. Attacking the Datastore - SQLi part 1 (11:56)
- 1.12. Attacking the Datastore - SQLi part 2 (12:18)
2. OWASP API Top 10 Vulnerabilities
Your Instructor
Senior Information Security Consultant
- I work in the Internet security team, focused on ethical hacking - deliberately and purposefully challenging the IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary.
- Scan and exploit for a wide variety of data center infrastructure and application vulnerabilities, following defined rules of engagement and attack scenarios (ethical hacking).
- Make recommendations on security weaknesses and report on activities and findings.
- Perform Internet penetration testing (black box / white box testing) and code reviews (manual and automated)
- Use testing tools such as NetBIOS scanning, network pinging and testing, packet crafting and analysis, and port scanning for vulnerability assessment
- Perform analysis and testing to verify the strengths and weaknesses of Web Applications and Web Services (XML, SOAP, WSDL, UDDI, etc.)
- Perform analysis and testing to verify the strengths and weaknesses of a variety of operating systems, network devices, web applications, and security architectures
- Assist with the development of remediation services for identified findings
- Customize, operate, audit, and maintain security related tools and applications
IT Trainer
- CEH, ECSA, CHFI from EC-Council
- Cisco CCNA, CCNA Security, Linux Essentials
- Various Custom Trainings
Certifications
- OSWE
- OSCE
- OSWP
- CREST Registered Penetration Tester (CRT)
- OSCP
- CHFI (Computer Hacking Forensic Investigator)
- ISO 27001 Lead Auditor
- ECSA (EC-Council Security Analyst)
- CEH (Certified Ethical Hacker)
- CCNA and CCNA Security
- CCNP Routing and CCNP Switching
- Advanced Linux&InfoSEC
- VMware vSphere Install, Configure, Manage
- Microsoft Certified Technology Specialist (MCTS/MCP 70-642): Microsoft Windows Server 2008 Network Infrastructure, etc.