Certificate Authentication

Bespoke Web application security Certificate for Adam Holdbrook

Certificate ID: 669899
Authentication Code: 5a0a1
Certified Person Name: Adam Holdbrook
Trainer Name: Piotr Kozowicz
Duration Days: 4
Duration Hours: 28
Course Name: Bespoke Web application security
Course Date: 2022-02-21 09:30 to 2022-03-01 16:30
Course Outline: 
  1. Security Intro

    1. Security vocabulary

    2. CVSS vectors

    3. CIA classification

    4. Online resources

      1. Vulnerability databases

      2. Exploit databases

    5. Vulnerability detection

      1. Active scanning

      2. Passive scanning

      3. Code scanning

      4. Dependency scanning

    6. Security testing

      1. Pentests

      2. Red teaming

      3. DevSecOps – planning a secure development cycle

 

  2. Threat modeling for web application

    1. Information disclosure

    2. Unauthorized access

    3. Unauthorized actions

    4. Impersonation

    5. Business logic errors

    6. Deface

    7. Resource stealing

    8. Denial of Service

    9. APT attacks

      1. MITRE ATT&CK

 

  3. Common web vulnerabilities

 

For every vulnerability the following sections will be covered:

  • Mechanism

  • Detection (active test, passive test, code scanning)

  • Exploitation

  • Prevention

 

    1. Injections

      1. SQL injections

      2. No-SQL injections

      3. LDAP injections

      4. Command injections

      5. Server-side template injections

    2. Broken authentication

    3. Broken access control

    4. Sensitive data exposure

    5. XXE attacks

    6. Clickjacking

    7. Cross site scripting

      1. Reflected

      2. Stored

      3. DOM-based

    8. Insecure deserialization

    9. Cross-site request forgery (CSRF)

    10. Server-side request forgery (SSRF)

    11. CORS vulnerabilities

    12. HTTP request smuggling

    13. Web cache poisoning

    14. Web cache deception

    15. OAuth vulnerabilities

 

  4. Docker security

    1. Security cheat sheet

    2. Container scanning

    3. Examples of vulnerabilities

 

  5. Vulnerability chaining & case studies