Certified Web Application Security Professional (CWASP)

Recent history has seen the rise in popularity of web applications used to carry out multiple internet activities. Since web applications usually store or send out sensitive data, it is crucial to keep these apps secure, particularly those publicly exposed to the World Wide Web. Web applications play a vital role in every modern organization. Cyberattacks against web applications occur every day. Most breaches are caused by failure to update the software components known to be vulnerable for months or years. In Web application penetration testing, an assessment of the code's Security and the use of software on which the application runs takes place. Penetration testing looks at vulnerabilities and will try and exploit them. Modern cyber defence requires a realistic and thorough understanding of web application security issues.

At Network Intelligence, we are conducting our flagship Certified Web Application Security Professional (CWASP) training. The 12-hour of online course is spread across 3 days 4 hours each. It is designed to impart knowledge about the requirements of OWASP Top 10 2017 RC2, CSRF, API Insecurity & Practical Tips for Defending Web Application & API.

The training's objective is to provide participants with a hands-on experience of implementing security measures for safeguarding web applications through case studies and examples.

Training Details:


Americas & Europe

  • Date: August 16 – 18, 2021
  • Timing: 1:00 PM to 5:00 PM (GMT)
  • Mode: Online through Microsoft Teams
  • Region: Americas & Europe
  • Fees:
    • USD $ 120 (for ISACA members)
    • USD $ 150 (for non-ISACA members)
Register your interest


Asia & Middle East

  • Date: August 23 – 25, 2021
  • Timing: 6:00 AM – 10:00 AM (GMT)
  • Mode: Online through Microsoft Teams
  • Region: Asia & Middle East
  • Fees:
    • USD $ 120 (for ISACA members)
    • USD $ 150 (for non-ISACA members)
Register your interest

Objective of the program:
  • Understanding the need for Security and various threats & countermeasures
  • Building a framework for securing web application
  • Guidance to professionals for web applications
  • Going beyond the traditional checklist-based approach for security
  • Taking a risk-based approach to implement security controls
  • Winning end customer’s trust
Who should attend?
  • Chief Information Security/Compliance Officers
  • Information Technology Managers
  • Payment Application Developers
  • Information Systems and Security Implementers
  • Other security professionals
Table of Content:
Session 1: Introduction & Case Studies
  • Introduction to Web Applications & Web Application Architecture
  • HTTP Protocol Basics
  • HTTP Attack Vectors
  • Introduction to Application Security
  • Application Security Risks
  • Case Studies
Session 2: OWASP Top 10 2017 RC2
  • What is OWASP
  • OWASP Top 10
  • The ‘OWASP Top 10’ for WebAppSec
  • A1-Injection
  • A2-Broken Authentication
  • A3-Sensitive Data Exposure
  • A4-XML External Entities (XXE)
  • A5-Broken Access Control
  • A6-Security Misconfiguration
  • A7-Cross-Site Scripting (XSS)
  • A8-Insecure Deserialization
  • A9-Using Components with Known Vulnerabilities
  • A10- Insufficient Logging & Monitoring
  • Countermeasures of OWASP Top 10 2017 RC2
Session 3: Beyond OWASP
CSRF
  • Understanding the vulnerability
  • Discovering the vulnerability
  • Attacking the Issue
  • Impact & Countermeasure
  • SSRF
  • Understanding the vulnerability
  • Discovering the vulnerability
  • Attacking the Issue
  • Impact & Countermeasure
Session 4: API Insecurity
  • API Insecurity
  • Introduction to API & API Security
  • SOAP vs REST
  • SOAP vs REST
  • Common API Vulnerabilities
  • API Assessment Approach
  • How to stop API Attacks?
Session 5: Practical Tips for Defending Web Application & API
  • Common Mistakes in Development
  • Security Best Practices for Web Application & API Security
  • Secure SDLC
  • Threat Modelling
  • Source Code Review
  • VAPT
Sample Certificate:

 

Terms & Conditions:
  • Fees, speakers and date are subject to change.
  • Any cancellations received within the last ten calendar days would be liable for 50% of the course fees. Cancellations must be received in writing at least one week prior to course commencement. No-shows would be fully charged.
  • Registered attendees who are unable to attend the above course can send replacements subject to one week’s notification. * Membership fee applies.
Privacy Notice:

We are committed to respecting your privacy and we recognize the importance of protecting the information collected about you. All of the personal information that you have submitted during the registration shall only be processed in relation to your attendance to this event (i.e., processing of payments, issuance of certificate, sending of any announcements, future events and activities). All the information that you have provided in relation to this event shall be protected with reasonable and appropriate measures and shall only be retained as long as necessary in its processing.