COURSE OUTLINE

Session 1
Introduction. Web application technology and evolution

Session 2
Information gathering. Fingerprinting and enumeration

Session 3
Server-side vulnerabilities. SQL Injections

Session 4
Server-side vulnerabilities. XXE and Command and Code Injections

Session 5
Server-side vulnerabilities. Server-side template injections, PHP and Java Deserialization

Session 6
Server-side vulnerabilities. Server-side request forgery, Business logic flaws

Session 7
Client-side vulnerabilities. Client-side and Server-side Cross Site Scripting (XSS)

Session 8
Client-side vulnerabilities. CSRF, Open redirect, HTML injection

Session 9
Web application analysis methodology overview. OWASP testing guide, authentication and identity management testing, session management testing, reporting

Session 10
Secure development lifecycle approaches and methodologies. BSIMM, NIST 800-64 (SSDLC) overview, Threat modelling, risk-based approach

Session 11
Case Study 1. PHP web application testing

Session 12
Case Study 2. Java web application testing

Session 13
Case Study 3. .NET web application testing

Session 14
Case Study 4. Python web application testing

Session 15
Final exam