Finding and Fixing Web Application Security Vulnerabilities

Description

Software security vulnerabilities are big business for potential attackers. Identifying them early and knowing what common pitfalls to avoid can make a big difference to the resilience of your applications.

This course will help you to understand, identify, and avoid common software security vulnerabilities in your code.

Duration

Takes approximately 7 hours to complete

Certification

Secure Developer Level 1

Course Objectives

• Common web application security vulnerabilities and how to find them.

• Approaches to avoid or reduce these vulnerabilities and how they work.

• The challenges and trade-offs we face when implementing these controls.

Syllabus

Module 1: Object access vulnerabilities

• What causes object access vulnerabilities.

• How to identify them and understand their impact.

• How to protect your application from this vulnerability.

Module 2: Enumeration vulnerabilities

• What causes enumeration vulnerabilities and why they’re interesting to an attacker.

• How to identify them and understand their impact.

• How to protect your application from this vulnerability.

Module 3: SQL Injection vulnerabilities

• What causes SQL injection vulnerabilities and why they’re so powerful.

• How to identify them and understand their impact.

• How to protect your application from this vulnerability.

Module 4: Configuration vulnerabilities

• What causes configuration vulnerabilities and where in our stack we can find them.

• How to identify them and understand their impact.

• How to protect your application from this vulnerability.

Module 5: Operating system injection vulnerabilities

• What causes operating system injection vulnerabilities and why they matter in a web application-focused world.

• How to identify them and understand their impact.

• How to protect your application from this vulnerability.

Module 6: Cross-site scripting vulnerabilities (XSS)

• What causes cross-site scripting (XSS) vulnerabilities and how they are exploited.

• How to identify them and understand their impact.

• How to protect your application from this vulnerability.

Module 7: Passwords and authentication

• Common password behaviors and why they happen.

• How to securely store passwords within our applications.

• Multi-factor authentication and the challenge of choosing the best one for your context.

• Life beyond passwords and the future of authentication.

Module 8: Session vulnerabilities

• What causes session vulnerabilities and the rules we can follow to protect our session identifiers.

• How to identify them and understand their impact.

• How to protect your application from this vulnerability.

Module 9: Using components with known vulnerabilities

• Why software has vulnerabilities.

• How we respond when our dependencies have vulnerabilities.

• What the impact is of these vulnerabilities on us and the wider ecosystem.

Module 10: Path Traversal

• What causes path traversal vulnerabilities.

• How to identify them and understand their impact.

• How to protect your application from this vulnerability.

Module 11: Return of the SQL Injection

• SQL output, and how that impacts the type of injection attack.

• How to identify and attack UNION SQL injection vulnerabilities.

• Diving deeper into blind SQL injection vulnerabilities.

Module 12: XML External Entity (XXE)

• What causes XML External Entity (XXE) vulnerabilities.

• How to identify them and understand their impact.

• How to protect your application from this vulnerability.