CSTA – Certified Security Testing Associate


This course is designed to give you the skills you need to undertake an application penetration test, so that valuable data and assets are effectively protected. You will have access to a functional ASP.NET and PHP application through which the theory is reinforced by practical exercises that demonstrate hacking techniques, with defensive countermeasures always in mind.

1. Principles

  • a. Web refresher
  • b. Proxies
  • c. The OWASP Top Ten
  • d. Web application security auditing
  • e. Tools and their limitations
  • f. HTTP request and response modification
  • g. Logic flaws

2. Injection

  • a. Types
  • b. Databases overview – data storage, SQL
  • c. SQL injection – data theft, authentication
  • d. Bypass, stored procedures
  • e. Information leakage through errors
  • f. Blind SQL injection

3. Broken Authentication and Session Management

  • a. Scenarios
  • b. Attacking authentication pages
  • c. Insecure Direct Object Reference
  • d. Direct vs indirect object references
  • e. Authorisation
  • f. Cross-site Request Forgery (CSRF)
  • g. Exploiting predictable requests

4. Cross-site Scripting (XSS)

  • a. JavaScript
  • b. Email spoofing
  • c. Phishing
  • d. Reflected and Stored/Persistent XSS
  • e. Cookies, sessions and session hijacking

5. Insecure Direct Object Reference

  • a. Scenarios
  • b. Information leakage through logs

6. Security Misconfiguration

  • a. Scenarios

7. Sensitive Data Exposure

  • a. Identifying sensitive data
  • b. Secure storage methods

8. Unvalidated Redirects and Forwards

  • a. Scenarios

9. Conclusions