Hands-On Web Application Testing

Course Description

Cyber security affects everyone in an organization. Cyber Toa’s Hands-On Web Application Testing course is intended for those wishing to learn the fundamentals of testing websites, APIs and web-apps against commonly-exploited vulnerabilities, following OWASP methodology. It uses a range of interactive scenarios, case studies, videos and activities based on real-life situations so that students can reflect on their own behaviour and make informed security choices.

Next Scheduled Date: 6th October 9am-5pm (Proudly presented through ITP)

Duration: 1 day

Delivery: Live Online Course, Instructor led, Supervised Activities, and Practical labs

Target audience and course prerequisites

The Cyber Toa Hands-On Web Application Testing course is aimed at IT professionals with (or seeking) job roles such as IT security analysts, software developers, software testers, application managers or web developers.

Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Know basic network terminology and functions (such as OSI Model, Topology etc).
  • Know the fundamentals of modern web technologies (such as HTML5, CSS, SQL etc).
  • Understand the basics of server-client interactions.

Course Outcomes

This course will teach you the fundamental principles of assessing web systems for commonly-exploited vulnerabilities. The course explains, in detail, the most common web vulnerabilities as reported in the 2017 OWASP (Open Web Application Security Project) Top 10 vulnerabilities report. It also covers a variety of manual and automated web vulnerability testing tools – such as ZAP (Zed Attack Proxy) and Arachni. Study of the course can also help to build the prerequisites to study more advanced IT security courses.

On course completion, you will be able to:

  • Explain the top 10 most common web exploits and evaluate the risk they present to your application and organization.
  • Use ZAP, Arachni and other testing tools to assess the security of an existing web.
  • Use the OWASP Application Security Verification Standard (ASVSv3) and the Security Knowledge Framework (SKF) to manually assess the security of a web application.
  • Create a prioritized list of remediation recommendations based on the results of a web vulnerability assessment.
  • Use the WebGoat learning resource to understand an application with known vulnerabilities.
  • Understand the risk that web vulnerabilities pose to a business compared with other common cybersecurity risks.

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.