CSWAE: Certified Secure Web Application Engineer

CSWAE: Certified Secure Web Application Engineer
Price : $ 3495
Duration: 5 Days
Technology: Cybersecurity

Overview

About this Cybersecurity Training Course

The Certified Secure Web Application Engineer Cybersecurity Training Course is designed to equip students with the knowledge and tools needed to identify and defend against security vulnerabilities in software applications. Students will put theory to practice by completing real world labs that include testing applications for software vulnerabilities, identifying weaknesses in design through architecture risks analysis and threat modeling, conducting secure code reviews and more.

On the final day of training, students will complete a real world hacking exercise on a live web application.

These secure coding skills are in desperate need today because the internet is one of the most dangerous places to do business; there are countless cases of valuable information being stolen from businesses because there was a vulnerability in their web applications. When programmers don’t understand the principles of secure coding, doors are open to those who do.

Description

Module 1 Web Application Security
  • Web Application Security
  • Web Application Technologies and Architecture
  • Secure Design Architecture
  • Application Flaws and Defense Mechanisms
  • Defense In-Depth
  • Secure Coding Principles
  • Lab: Environment Setup Lab
Module 2 OWASP Top 10
  • The Open Web Application Security Project (OWASP)
  • OWASP TOP 10 2013
  • Lab: Environment Setup – LabCommon WEP Attacks
Module 3 Threat Modeling & Risk Management
  • Threat Modeling Tools & Resources
  • Identify Threats
  • Identify Countermeasures
  • Choosing a Methodology
  • Post Threat Modeling
  • Analyzing and Managing Risk
  • Incremental Threat Modeling
  • Identify Security Requirements
  • Understand the System
  • Root Cause Analysis
  • Lab: Threat Modeling and Architecture Risk Analysis
  • Lab: Quick Threat Modeling (the Doctor use case)
Module 4 Application Mapping
  • Application Mapping
  • Web Spiders
  • Web Vulnerability Assessment
  • Discovering other content
  • Application Analysis
  • Application Security Toolbox
  • Setting up a Testing Environment
  • Lab: Web Application Mapping using Ethical Hacking Tools
Module 5 Authentication & Authorization Attacks
  • Authentication
  • Different Types of Authentication (HTTP, Form)
  • Client Side Attacks
  • Authentication Attacks
  • Authorization
  • Modeling Authorization
  • Least Privilege
  • Access Control
  • Authorization Attacks
  • Access Control Attacks
  • User Management
  • Password Storage
  • User Names
  • Account Lockout
  • Passwords
  • Password Reset
  • Client-Side Security
  • Anti-Tampering Measures
  • Code Obfuscation
  • Anti-Debugging
  • Lab: Client Side, Authentication and Authorization Attacks
Module 6 Session Management Attacks
  • Session Management Attacks
  • Session Hijacking
  • Session Fixation
  • Environment Configuration Attacks
  • Lab: Session Management, Access Controls and Configuration Attacks
Module 7 Application Logic Attacks
  • Application Logic Attacks
  • Information Disclosure Exploits
  • Data Transmission Attacks
  • Lab: Application Logic, Information Disclosure and Data Transmission Attacks
Module 8 Data Validation
  • Input and Output Validation
  • Trust Boundaries
  • Common Data Validation Attacks
  • Data Validation Design
  • Validating Non-Textual Data
  • Validation Strategies & Tactics
  • Errors & Exception Handling
  • Structured Exception Handling
  • Designing for Failure
  • Designing Error Messages
  • Failing Securely
  • Lab: Cert Java Oracle Secure Coding IDS
Module 9 AJAX Attacks
  • AJAX Attacks
  • Web Services Attacks
  • Application Server Attacks
  • Lab: AJAX, Web Services and Server Attacks
Module 10 Code Review & Security Testing
  • Insecure Code Discovery and Mitigation
  • Testing Methodology
  • Client Side Testing
  • Session Management Testing
  • Developing Security Testing Scripts
  • Pentesting a Web Application
  • Lab: Performing Code review and Building Security Test Scripts
Module 11: Web Application Penetration Testing
  • Insecure Code Discovery and Mitigation
  • Benefits of a Penetration Test
  • Current Problems in WAPT
  • Learning Attack Methods
  • Methods of Obtaining Information
  • Passive vs. Active Reconnaissance
  • Footprinting Defined
  • Introduction to Port Scanning
  • OS Fingerprinting
  • Web Application Penetration Methodologies
  • The Anatomy of a Web Application Attack
  • Fuzzers
  • Lab: Performing Web Application PenTesting stepsPKI
  • CA Hierarchy
Module 12: Secure SDLC
  • Secure-Software Development Lifecycle (SDLC)
  • Methodology
  • Web Hacking Methodology
  • Lab: Case Study and Web Penetration Testing Assignment
Module 13: Cryptography
  • Overview of Cryptography
  • Key Management
  • Cryptography Application
  • True Random Generators (TRNG)
  • Symmetric/Asymmetric Cryptography
  • Digital Signatures and Certificates
  • Hashing Algorithms
  • XML Encryption and Digital Signatures
  • Authorization Attacks
  • Lab: Encryption in Secure Coding (Example for Java, PHP and .NET)
Appendix – Labs:
  1. Spoofing & Authentication Cookies
  2. How to Perform Cross Site Scripting (XSS)
  3. Injection Flaws
  4. Improper Error Handling
  5. Parameter Tampering
  6. Denial of Service
  7. Writing Java Secure Code

Prerequisites

  • Proficiency in web app programming in a language of your choice

 Target Student:

The Certified Secure Web Application Engineer Certification Cybersecurity Training Course is designed for those have a background in web application development and want to have the skill set to make their applications secure. While not required, we recommend being familiar with general cyber security topics, including those taught in our C)ISSO: Information Systems Security Officer Cybersecurity Training Course. 

Cybersecurity Training Course Objective

Students will have knowledge to:

  • Perform web application penetration testing to expose vulnerabilities.
  • Design & implement controls to defend against application vulnerabilities.
  • Integrate security best practices into the software development lifecycle
  • Be ready to sit for the C)SWAE certification exam.

Course Schedule

Course Name Date Time
Nothing Scheduled yet
Upcoming Training
PL-400: Microsoft Power..
Nov 04-08
AZ-040: Automating Administration..
Nov 04-08
55215: SharePoint Online..
Nov 04-07
SC-200: Microsoft Security..
Nov 04-07
CDFE: Certified Digital..
Nov 04-08
Whether your team wants to study SharePoint or needs to learn Excel, GSAtrain has a convenient classroom setting with industry-certified instructors to lead your training. Creating opportunities to customize courseware.
Explore
Useful links
Contact info
Copyright 2022 GSAtrain LLC. All Rights Reserved