Web Application Security: Tentative Course Agenda

LAPTOPS REQUIRED

SL.
No. SESSION INSTRUCTORS TIME

DAY 1

D1- What is Web application Security & Why do you need

S1-1 it?
Overview of the web from a penetration testers 9:00 AM to 10:15 AM
perspective
Exploring the various servers and clients
Discussion of the various web architectures
Discussion of the different types of vulnerabilities
Defining a web application test scope and process
Defining types of penetration testing

COFFEE / TEA BREAK - 10:15 AM TO 10:30 AM

D1- Utilizing the Burp Suite in web app penetration testing
S2-1 10:30 AM to 12:45 PM
Discovering the infrastructure within the application
Identifying the machines and operating systems
Exploring virtual hosting and its impact on testing
Software configuration discovery
Exploring external information sources
Learning tools to spider a website

LUNCH BREAK - 12:45 PM TO 1:15 PM

D1- Web Application Security: OWASP
S3-1 Common Issues in Web Apps
What is XSS, SQL injection, CSRF, Password 1:15 PM to 3:00 PM
Vulnerabilities, SSL, CAPTCHA, Session Hijacking,
Local and Remote File Inclusion, Audit Trails, Web
Server Issues, etc
COFFEE / TEA BREAK - 3:00 PM TO 3:15 PM
D1- Continued from S3-1
S4-1 3:15 PM to 6:00 PM
 DAY 2

D2- Owasp A1 to A6
S1-1
9:00 AM to 10:15 AM
COFFEE / TEA BREAK - 10:15 AM TO 10:30 AM
D2- Owasp A6 to A8
S2-1 10:30 AM to 12:45 PM
LUNCH BREAK - 12:45 PM TO 1:45 PM
D2- Owasp A8 to A10
S3-1 1:45 PM to 3:00 PM

COFFEE / TEA BREAK - 3:00 PM TO 3:15 PM

D2- Review of other areas in testing
S4-1 3:15 PM to 6:00 PM

DAY 3

D2- Practical with Test Site

S1-1
9:00 AM to 10:15 AM
COFFEE / TEA BREAK - 10:15 AM TO 10:30 AM
D2- Practical with Test Site
S2-1 10:30 AM to 12:45 PM
LUNCH BREAK - 12:45 PM TO 1:45 PM
D2- Practical with Test Site
S3-1 1:45 PM to 3:00 PM
COFFEE / TEA BREAK - 3:00 PM TO 3:15 PM
D2- Review of vulnerabilities
S4-1 3:15 PM to 6:00 PM
D2- Reporting requirements
S4-2