Security Testing Masterclass: Web, API and Mobile Application Security

Security Testing Masterclass: Web, API and Mobile Application Security- Live Training

(Web, API & Mobile Security with Burp Suite, Vooki, Nmap, Zenmap, OWASP Juice Shop, WebGoat, Yazhini, Dex2Jar, JD-GUI, Snyk & More)

This course introduces participants to OWASP security concepts associated with REST APIs, SOAP APIs & Web applications. This is a foundation course & we encourage you to take this skill upgrade if you are a beginner in security world. This course uses vulnerable REST APIs, SOAP APIs & Web applications to demonstrate, identify security vulnerabilities as per OWASP top#10 standards.

About the Instructor:

Sample Videos:

“Security Testing Masterclass: Web, API and Mobile Application Security”-Demo Video

“Security Testing Masterclass: Web, API and Mobile Application Security”-Day 1 Video

Live Sessions Price:

For LIVE sessions – Offer price after discount is 149 USD 139 USD 129 USD Or 15000 INR 13000 INR 9900 Rupees.

Enroll For Free Demo

OR

Whatsapp

Demo Session:

3rd March @ 9 PM – 10 PM (IST) (Indian Timings)

3rd March @ 10:30 AM – 11:30 AM (EST) (U.S Timings)

3rd March @ 3:30 PM – 4:30 PM (BST) (UK Timings)

Class Schedule:

For Participants in India: Monday to Friday 9 PM – 10 PM (IST)

For Participants in the US: Monday to Friday 10:30 AM – 11:30 AM (EST)

For Participants in the UK: Monday to Friday 3:30 PM – 4:30 PM (BST)

Prerequisites:

Good understanding of:

• Websites and web browser
• Client Server architecture
• Web Services/APIs testing
• Basic knowledge of HTTP/HTTPS protocol
• Basic understanding of HTTP methods
• Basic understanding of functional testing

What student’s have to say about Trainer :

What will I Learn by the end of this course?

• By the end of this course, you will become a OWASP Security testing specialist:
• LO1 Understand OWASP top#10 vulnerabilities for Web applications & backend APIs
• LO2 You will get complete knowledge on REST API, SOAP API, Web applications, Android apks, & Port security testing
• LO3 In-depth understanding of exploiting OWASP vulnerabilities on vulnerable applications & APIs
• LO4 Learn how to generate security testing reports using Security testing tools
• LO5 Learn how to scan source code for OSS vulnerabilities & conduct reverse engineering of source code-Android apks

Salient Features:

• 30 Hours of Live Training along with recorded videos
• Lifetime access to the recorded videos
• Course Completion Certificate

Who can enroll in this course?

• Security enthusiasts
• Security professionals intending to upskill for compliance based penetration testing

Course syllabus:

Chapter 1: Introduction to Web client & server, 3 Tier architecture and API Introduction/ Basics

• What is an API and the use of an API in an enterprise application along with API examples
• Introduction to data description formats wherever API calls are developed & consumed in an application
• Introduction to web application architecture
  • Client & Server model
  • HTTP & HTTPS protocols
  • SSL & TLS protocols
  • HTTP Request Headers
  • HTTP Response Headers
  • Request & Response Cookies
  • Hand-shake process
  • HTTP Methods/HTTP verbs
• Safe HTTP methods vs Unsafe HTTP methods
  • GET
  • POST
  • PUT
  • PATCH
  • DELETE
  • OPTIONS & HEAD
• Examples demonstration for HTTP request headers, HTTP response headers, HTTP response codes
• Practical example for demonstrating client & server architecture model
• Discussion on 3 layer architecture of an enterprise application i.e., front-end, back-end & server/database
  

Chapter 2: Evolution of API’s, Types of API’s & Examples of REST & SOAP API’s

• Introduction to API Architecture/Web-Services
  • SOAP API (Simple object access protocol – Application Programming Interface) & WSDL
  • REST API ( Representational State Transfer – Application Programming Interface)
• Definition of an API Syntax –> Understanding HTTP Method, Protocol, API URI, End points, Query Parameters, Resources, Request body, Authentication type, Request Headers, Request Cookies

CHAPTER 3: INTRODUCTION TO OWASP TOP#10 WEB & API VULNERABILITIES [HANDS-ON-EXERCISE]

• What is a Threat, Target, Cvss, Cve, Vulnerability Assessment Testing, Penetration Testing, Security testing
• Sensitive information disclosure
• Using vulnerable & outdated components
• Incorrectly configured & missing response headers
• Insecure design
• Open network ports detection
• Server-side missing validations
• Broken access control
• SQL injection
• Cross-site scripting css/xss injection
• Html injection
• Idor attacks
• Jwt tokens abuse
• Security misconfiguration
• Brute force attacks/ddos attacks
• Unrestricted access to sensitive business flows
• Broken object-level authorization
• Broken user authentication
• Broken object  property level

CHAPTER 4: DOWNLOAD & SETUP OF VULNERABLE APPLICATIONS [HANDS-ON-EXERCISE]

• OWASP Juice Shop
• OWASP Web Goat
• Altoro mutual bank application
• Parabank soft application
• Acunetix Test PHP application
• Blazedemo Application

CHAPTER 5: PORT SCANNING USING NMAP/ZENMAP TOOL [HANDS-ON-EXERCISE]

• What is Nmap [Network Mapper] tool
• What are network ports used for
• Download & Installation of Nmap tool for CLI execution & Zenmap tool for UI execution
• Executing commands to discover open, filtered & closed ports and to detect OS and services version details
• Learn how to do different scans i.e., basic/aggressive/quick scan plus/ping scan/OS/multiple hosts/intense scan

CHAPTER 6: INTRODUCTION & INSTALLATION OF BURP SUITE-SECURITY TESTING DAST TOOL [HANDS-ON-EXERCISE]

• What is Burp Suite tool
• Installation of Burp Suite Community Edition
• Walk-through of Burp Suite features
• Understanding Burp Suite tool capabilities

CHAPTER 7: CONDUCTING PENETRATION TESTING USING BURP SUITE TOOL [HANDS-ON-EXERCISE]

• Learn how to setup Burp Suite environment
• Explore the Burp features : Proxy, Target, Intruder, Repeater, Decoder
• Download & Install Burp HTTPS certificate
• Using Burp in-built chromium browser to capture HTTP requests & intercept the same
• Capturing the http requests by configuring Burp Proxy, Burp Interceptor & Burp Repeater
• Learn how to intercept http requests and tamper responses to check server behavior
• How to forward, drop intercepted requests
• Sending the requests to Burp Intruder for brute force attacks using various payloads
• Hacking credentials using Burp Intruder
• Sending the requests to Burp Repeater to test repeatedly with various request tamperings
• Point-to-point attacks using Burp Repeater
• Learn how to encode or decode the request parameters using Burp Suite Decoder
• Visiting BApp store to install top rated plugins to aid in security testing [HACK BAR-PAYLOAD BUCKET, CONTENT TYPE CONVERTER, HTTP METHODS DISCLOSURE, JSON WEB TOKEN ATTACKER]

CHAPTER 8: REST APIs, SOAP APIs & WEB APPLICATION SECURITY TESTING USING VOOKI TOOL [HANDS-ON-EXERCISE]

• Introduction & Installation of Vooki tool
• Walk-through of Vooki tool UI features
• Testing APIs for OWASP top #10 techniques
• Learn how to scan an entire website [Basic Scan, Full Scan, Penetration test, Crawler]
• Learn how to use SSL scanner, understand Cryptography, Domain & Host scanner
• Detect & understand the vulnerabilities identified during the web application scan
• Generate HTML test report for security vulnerabilities found at web application scan
• Conducting full scan on REST APIs that uses GET, POST, PUT, PATCH, DELETE methods
• Conducting full scan on SOAP APIs
• Generate HTML test report for security vulnerabilities identified at API security scan
• Detect & understand the vulnerabilities identified during the APIs scan process

CHAPTER 9: ANDROID APPS SECURITY TESTING USING YAZHINI,  DEX2JAR & JD-GUI-DAST TOOLS [HANDS-ON-EXERCISE]

• Introduction and Installation of Yazhini tool
• Installation of Dex2Jar, Java Decompiler
• Scanning the Android apk for vulnerabilities
• Conducting Full scan, Basic scan on apk
• Reverse engineering to check if APK can be deobfuscated to see original written code
• Generating the vulnerabilities test report for Android apk scan

CHAPTER 10: FINDING SOURCE CODE OSS VULNERABILITIES [OPEN SOURCE SOFTWARE] – SAST [HANDS-ON-EXERCISE]

• What is Snyk tool used for
• Sign up & Sign in to Snyk tool
• Adding your Github repo to Snyk project list
• Scanning the source code using Snyk scanner
• Running Snyk from CLI mode
• Understanding the vulnerability test report

How can I enroll for this course?

Enroll For Free Demo

OR

For any other details, Call me or Whatsapp me on +91-9133190573

Live Sessions Price:

For LIVE sessions – Offer price after discount is 149 USD 139 USD 129 USD Or 15000 INR 13000 INR 9900 Rupees.

Sample Course Completion Certificate:

Your course completion certificate looks like this……