Masterclass: Pentesting and Securing Mobile and Web Applications
- Kursuskode PTCMW
- Varighed 5 dage
Leveringsmetoder
Go to:
Leveringsmetoder
Kurset er tilgængeligt i følgende formater:
-
Firma kursus
Et lukket firma kursus
-
Åbent kursus
Traditionel klasserumsundervisning
-
Åbent kursus (Virtuelt)
Live klasserumsundervisning du tilgår virtuelt
Anmod om dette kursus Med en anden leveringsløsning
Beskrivelse
ToppenVirtuel deltagelse
Et V&C Select kursus indholder nøjagtig det samme som et almindeligt kursus. Før kursusstart modtager man kursusmaterialet. Dernæst logger man på kurset via internettet og ser via sin pc den selvsamme præsentation som de øvrige deltagere, man kommunikerer via chat med underviseren og de øvrige deltagere på kurset. Denne uddannelsesmodel er både tids-og omkostningsbesparende og kan være et oplagt alternativ til almindelig klasseundervisning, hvis man f.eks. har et begrænset rejsebudget.
Kursusdato
ToppenMålgruppe
ToppenKursets formål
Toppen- Recognise the security risks that can be found in modern applications
- Perform pen tests on web application and web API’s
- Understand Security concepts in relation to Mobile Android Applications
- Test the end to end mobile and web application solution
Kursusindhold
ToppenModule 1: OWASP Top 10 Application Security Risks
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XXE
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting
- Insecure Deserialization
- Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
Module 2: Analysis of Web Application Security
In this module, you will learn how to perform series of web applications and web API penetration tests. Additionally, you will learn the most effective ways of securing them.
- Methodologies of Web Application testing
- Black Box Analysis
- White Box Analysis
- Automating penetration tests with OWASP ZAP
- Web Application Firewall: Traditional vs Anomaly detection modes
Module 3: Analysis of Android Application Security
This module focuses on mobile Android applications, its general design, security concepts and different approaches to penetration tests and security, especially independent from OS version.
- System architecture
- Android OS security features
- Black and White box tests for mobile
- Android storage solutions
- Encryption in App and OS
Module 4: End to End solution testing
This module covers different methods of penetration testing of whole solutions regardless of technology used as development platform.
- Methodologies, solutions and tools
- Fuzzy testing for Mobile applications
- Fuzzy testing for Web API
- Performance testing
Module 5: Use cases and discussion
This module covers discussion about security solutions specific in different technologies. It also demonstrates practical and complete use case of penetration testing and solution in 'hands-on labs' environment.
Forudsætninger
Toppen- Microsoft .Net programing skills and android development basics
Certificeringstest
ToppenRecommended as preparation for the following exams:
- There is no specific exam aligned to this course, however all attendees will receive an online Certificate of Attendance