
Course Description
Cyber security affects everyone in an organization. Cyber Toa’s Hands-On Web Application Testing course is intended for those wishing to learn the fundamentals of testing websites, APIs and web-apps against commonly-exploited vulnerabilities, following OWASP methodology. It uses a range of interactive scenarios, case studies, videos and activities based on real-life situations so students can reflect on their own behaviour and make informed security choices.
Next Scheduled Date: 6th October 9am-5pm (Proudly presented through ITP)
Duration: 1 day
Delivery: Live Online Course, Instructor led, Supervised Activities, and Practical labs
Target audience and course prerequisites
The Cyber Toa Hands-On Web Application Testing course is aimed at IT professionals with (or seeking) job roles such as IT security analysts, software developers, software testers, application managers or web developers.
Specifically, it is recommended that you have the following skills and knowledge before starting this course:
- Know basic network terminology and functions (such as OSI Model, Topology etc).
- Know the fundamentals of modern web technologies (such as HTML5, CSS, SQL etc).
- Understand the basics of server-client interactions.
Course Outcomes
This course will teach you the fundamental principles of assessing web systems for commonly-exploited vulnerabilities. The course explains, in detail, the most common web vulnerabilities as reported in the 2017 OWASP (Open Web Application Security Project) Top 10 vulnerabilities report. It also covers a variety of manual and automated web vulnerability testing tools – such as ZAP (Zed Attack Proxy) and Arachni. Study of the course can also help to build the prerequisites to study more advanced IT security courses.
On course completion, you will be able to:
- Explain the top 10 most common web exploits and evaluate the risk they present to your application and organization.
- Use ZAP, Arachni and other testing tools to assess the security of an existing web.
- Use the OWASP Application Security Verification Standard (ASVSv3) and the Security Knowledge Framework (SKF) to manually assess the security of a web application.
- Create a prioritized list of remediation recommendations based on the results of a web vulnerability assessment.
- Use the WebGoat learning resource to understand an application with known vulnerabilities.
- Understand the risk that web vulnerabilities pose to the business compared with other common cybersecurity risks.
Course Materials
The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.