AppSec Labs Training Programs / Hacking & Penetration testing

Web Application Security QA Hands on – 3 days

Quality Assurance processes usually verify that the system meets its functional and non-functional requirements, but does verify the security aspects of the product.

This course is designed to teach the QA personnel how to test for major security vulnerabilities and identify security bugs as the last line of defense before the product is delivered to the customer, as part of the standard QA testing.

The objectives of the course are to teach QA personnel about application security vulnerabilities and how to perform security testing in web applications, and by that increasing the amount and quality of test cases that can be performed by the tester.

The course will introduce the tools & methods that should be performed by the auditor in order to efficiently find vulnerabilities and reducing the false positive / false negative rate.

Download Syllabus (PDF)

Get quote

Enroll

Description

Secure programming is the last line of defense against attacks targeted toward our systems. This course shows you how to identify security flaws & implement security countermeasures when writing code for Android and iOS mobile devices. Using sound programming techniques and best practices shown in this course, you can produce high-quality code that stands up to attack.

The course covers major security principles when writing Java code for Android and Objective-C code for iOS.

The objectives of the course are to acquaint students with security concepts and terminology, and to provide them with a solid foundation for developing secure software. By course completion, students should be familiar with major secure programming practices and have learnt the basics of security analysis and design.

Topics

Demonstrating the Top 10 Mobile Security Attacks

Insecure data storage

Weak server side controls

Insufficient transport layer protection

Client side injection

Poor authorization and authentication

Improper session handling

Security decisions via untrusted inputs

Side channel data leakage

Broken cryptography

Sensitive information disclosure

Secure Coding Best Practices

Creating files with correct ACLs

Secure memory handling

Secure data storage

Erasing data

Symmetric encryption

A-symmetric encryption

Transport level encryption

Storage level encryption

Key derivation

The KeyChain

Validating server certificates and avoiding Man-in-the-Middle

SSL pinning

Client-side certificate authentication

Application permission isolation

The permission model

Permission types and app restriction

Application signing

Permission categories

Creating custom permissions

Verifying process permissions during runtime

Securely activating components

Avoiding access to restricted screens

Parameterized queries

Avoiding hard coded secrets

Obfuscate the program

Code encryption

Detecting common code-level vulnerabilities

Secure device management

Target Audience

Prerequisites

Interested in this course? Have any questions?
Let us know and we’ll get back to you…

Day

Topics

100

% Pure Security knowledge!

AppSec Labs Training Programs / Hacking & Penetration testing

Web Application Security QA Hands on – 3 days

Description

Topics

Demonstrating the Top 10 Mobile Security Attacks

Secure Coding Best Practices

Target Audience

Prerequisites

Interested in this course? Have any questions?
Let us know and we’ll get back to you…

Send us mail

Stay updated, follow us..

AppSec Labs

AppSec Labs Training Programs / Hacking & Penetration testing

Web Application Security QA Hands on – 3 days

Description

Interested in this course? Have any questions? Let us know and we’ll get back to you…

Send us mail

Stay updated, follow us..

AppSec Labs

Interested in this course? Have any questions?
Let us know and we’ll get back to you…