Source-code-review-Patch-Mgmt

Web/Mobile Application Secure Code review & Patch Management

Software defects, bugs, and flaws in the logic of the program are consistently the cause for application vulnerabilities. Analysis by software security professionals has proven that most vulnerabilities are due to errors in programming. Hence, it has become crucial for organizations to educate their software developers about secure coding practices.

Attackers scan for security vulnerabilities in applications and attempt to use these vulnerabilities to steal secrets, corrupt programs and data, and gain control of computer systems and networks. Sound programming techniques and best practices should be used to develop high quality code to prevent web application attacks. This program is a defensive measure against attacks targeted towards application systems.

Course Overview

This training program focus on the security testing techniques to find out the critical vulnerabilities or security holes in web/mobile applications and also helps candidates in revealing flaws in their applications before they go live.

After completing this course, candidates will be able to identify the root cause of flaws, and build recommendations for remediation. This program not only identifies which statement on which line of code is vulnerable, but is also able to identify the tainted variable that introduces the vulnerability. In this way it illustrates the propagation from root cause, to end result.

This course provide candidates with hands-on learning experience and emphasis entirely on the ins and outs of Web/Mobile App Security assessments methods along with finding the vulnerabilities till patch management.

Today this course & techniques are very demand in Developers & InfoSec consultants working for software companies, IT security firms, Government and Private Sectors etc.

Pre requisites

Candidates must have knowledge of software testing processes, software development experience.

Who Should Attend

This course is intended for –

Course Duration

  • 40 Hours.

Course Objective

Upon successful completion of this course participants will gain the skills and knowledge necessary to:

  • An understanding of advanced web/mobile security testing and penetration techniques.
  • Secure Software Development Lifecycle, threat modelling, software security frameworks, and secure software architectures .
  • Secure concurrency and session management that includes Memory Model, Thread Implementation methods, secure coding practices, and guidelines for handling threads, race conditions, and deadlocks.
  • Core security coding practices of Cryptography that includes Encryption, Key Generator, implementation of Cipher Class, Digital Signatures, Secret Keys, and key management
  • Various application vulnerabilities such as Cross-Site Scripting (XSS), Cross Site Request Forgery (CSRF), Directory Traversal vulnerability, HTTP Response Splitting attack, Parameter Manipulation, Injection Attacks and their countermeasures.
  • Coding testing and review techniques and practices.
  • Methods to recognize and bypass application, platform, and WAF defences
  • Skills to test and evaluate web/mobile services used in an enterprise.
  • Know how to integrate white box testing into your SDLC
  • Be able to perform secure code review with a static analysis tool
  • Identify the type of vulnerabilities you can scan for with a static analysis tool.
  • Choose a static analysis tool for analysis capabilities, vulnerability taxonomy and your specific needs
  • Analyse and prioritize critical vulnerability findings in your software.

Course Content / Outline

Introduction

  • Introduction to the course.
  • How to get most out of the course
  • Resources you will need for the course

Basics

  • How an application works
  • Architecture of web applications

Types of application security testing

  • Black box testing ,White box testing & Grey box testing
  • Vulnerability Assessment vs Penetration testing
  • Application penetration test scope and process
  • Legalities of the VAPT

VAPT Methodologies

  • OWASP, SANS 25, WAHH, OWASP Check-list

Reconnaissance

  • Foot printing Domain details (whois)-Technicalinfo.net
  • OS and Service fingerprinting–Netcraft.com, Banner grabbing,HTTP print
  • Google hacking
  • Load balancer Identification
  • Spidering a web site (wget, Burp spider)
  • Application flow charting
  • Relationship analysis within an application
  • Software configuration discovery

Automated Scanners

  • Effectiveness of Automated tools
  • Reduction of False positives and false Negatives

HTTP Protocol

  • Overview of RFC 2616
  • HTTP Messages & Entities
  • HTTP Request, HTTP Response
  • HTTP Status Codes
  • Various types of encoding schemes

Web servers and clients

  • IIS Server, Apache Server and Other Servers
  • Browsers
  • Browser’s same origin policy
  • Other Web enabled Clients

Server-side and Client-side security controls

  • Input Validation & Output validation (encoding)
  • Insufficient input & output validations
  • Validation approaches
  • Bypass thin/thick(decompile) client validations
  • Leveraging Ajax and web 2.0 in attacks
  • Bypass Server-side validations

Injections

  • SQL Injection, Blind SQL Injection, Command Injection, LDAP Injection, XPATH Injection, SOAP Injection
  • Other Injections
  • Implications of Injections
  • Test methodology for injections
  • Remediation

Cross-site Scripting

  • Reflected XSS, Stored XSS, DOM XSS
  • Implications of XSS
  • Test Methodology for XSS
  • Remediation

Cross-site Request Forgery

  • CSRF with GET method
  • CSRF with POST method
  • Implications of CSRF
  • Test methodology for CSRF
  • Remediation

Authentication testing

  • Guessable Passwords
  • Failure Messages
  • Brute forcing login
  • Plain text password transmission
  • Improper implementation of forgot password functionality
  • Remember Me Functionality
  • Guessable User names
  • Multi factor authentication flaws
  • Fail-Open Login Mechanisms
  • Insecure Storage of Credentials
  • Remediation

Authorization testing

  • Introduction to authorization
  • Implementation weaknesses in authorization
  • Horizontal privilege escalation
  • Vertical privilege escalation
  • URL, Form, cookie based escalation

SSL & Configuration testing

  • Testing SSL / TLS cipher
  • Testing SSL certificate validity–client and server
  • Infrastructure and Application Admin Interfaces
  • Testing for HTTP Methods and XST
  • Testing for file extensions handling
  • Old, Backup and Unreferenced Files
  • Application Configuration Management Testing

Session Management testing

  • Need for session and state
  • Ways to implement state
  • How session state work
  • What are cookies
  • Common Cookies and Session Issues
  • Man in the middle

Brute force web applications

  • Brute force authentication, Brute force Authorization, Brute force web services, Brute force web server, Brute force .htaccess

Parameter Manipulation

  • Query string manipulation, Form field manipulation, Cookie manipulation, HTTP header manipulation

Other Attacks

  • Sniffing, Phishing & Vishing
  • D(D)OS Attacks
  • Invalidated Redirects and Forwards

Firefox security Add-ons

  • Tamper Data
  • SQL inject me
  • XSS me
  • Firebug
  • Live HTTP headers
  • Foxy Proxy
  • Web Developer

Secure Code Review & Analysis

  • The Software Security Problem
  • White-Box Testing and The SDLC
  • Different Types of Code Analysis
  • Manually Source Code Analysis
  • Creating & Managing Scans
  • Scan list & Results