Excellence Doesn t Need a Certificate. Be an. Believe in You AMIGOSEC Consulting Private Limited

Transcription

1 Excellence Doesn t Need a Certificate Be an 2014 AMIGOSEC Consulting Private Limited Believe in You

2 Introduction In this age of emerging technologies where IT plays a crucial role in enabling and running a business, the risk of data security is also increasing. India needs over 5 lakh Information Security Professionals by 2015 Organizations setup most of their applications and critical business process on web but web applications - Union Ministry of IT, India are a major point of vulnerability today. Vulnerable web applications have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of organizations. Securing data has become an alarming need for the business owners today. 1 in 8 Legitimate websites have critical vulnerabilities 552 Million Identities of users exposed online in % Increase in Web attacks since last year $86 Billion Global Information Security Market size by 2016 Content Source:-http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_ en-us.pdf The objective of this ASA course is to make individuals ready to detect, mitigate and prevent such real world application security challenges. We create Infosec Amigos security friendly people AMIGOSEC Consulting Private Limited

3 About ASA Course ASA is one the most comprehensive Application Security Training programs available in the Industry currently. It is a perfect course for candidates aspiring to make a career in Information security. It covers all the relevant aspects of application security, ethical hacking, penetration testing and other topics needed in the industry. ASA will lead you towards becoming application security architects to help companies build security controls in their applications and business processes. Learn ALL the Well-known Application Security Threats Get Practical exposure to the latest web attacks Develop expertise in all industry standard tools Get well-versed with standard testing processes Understand techniques for preventing web attacks Rewarding Career opportunities ASA course will not just make you qualified for Information Security Jobs; it will also make you competent. There is an increasing demand for Applications security professionals like ASAs in the industry. Many software development companies are now in search of sound application security professionals who can help them incorporate security practices with software development processes. ASA will make you ready for such positions.

4 Training Deliverables Presentation Notes Insecure Application for Practice Hacking Tools On successful completion of the course participants would be awarded with the ASA Certificate Training Duration 10 days - Weekend and Weekday batches available. Course Outline Day 1 1 Introduction to Information Security 2 Cyber Laws 3 Cryptography 4 Web Application Technologies Introduction to OSI Layer All about HTTP HTTPS - HTTP over SSL Session Management Day 2 4 Web Application Technologies (contd.) HTML Basics Introduction to Client Side Technologies Java script, AJAX, JSON Introduction to Server Side Technologies J2EE/ASP.NET/PHP Framework Overview (including MVC) SQL Basics 5 Web Application Security Concepts Need for Application Security OWASP Top 10 Overview Bypassing Client Side Controls

5 Day 3 5 Web Application Security Concepts (contd.) Broken Authentication and Session Hijacking Authorization Bypass - Horizontal and Vertical Privilege Escalations SQL Injection Other Injection flaws - LDAP, XPATH and OS Command Injection Redirection Flaws Day 4 5 Web Application Security Concepts (contd.) Cross Site Scripting Cross Site Request Forgery Browser based Attacks - Including HTML 5 Insecure File handling Error Handling and Logging Day 5 5 Web Application Security Concepts (contd.) Web Server Attacks Miscellaneous Attacks/flaws 6 Application Scanning Spidering, Fingerprinting Exploring Automated Scanners - Burpsuite Pro. 7 Threat Modeling Data Flow Diagrams STRIDE Assessing Application Security Risk Threat Management 8 Application Security Testing Methodology Tips on Technical Report Writing 9 Thick Client Application Security 10 Web Service Security Day 6

6 Day 7 11 Security Code Review Understanding Web Application Source Code Logic to Identify Security Flaws through Source Code Scripting Techniques Source Course Scanners/Static Analysis Tools Day 8 12 Secure SDLC 13 Penetration Testing Day 9 14 Mobile Application Security Introduction to Mobile Applications Android Architecture Android Application Development Android Security Flaws Day Mobile Application Security (contd.) Android Security Flaws ios Architecture ios Application Development Overview ios Security Flaws Certificate Distribution and Feedback Session Note Prior to attending this course, students will be asked to sign an agreement stating that they would not use the newly acquired skills for illegal or malicious attacks and they will not use any hacking tools in an attempt to compromise any computer systems or applications.

7 Bond with Security Be an Infosec Amigo Amigosec Consulting Private Limited L-281, Dreams the Mall, LBS Marg, Bhandup (w), Mumbai, Maharashtra Phone: Mobile: / /