Certified Web Application Security Professional (C-WASP)

Course Duration: 18 hours / 2 days

About the Program

C-WASP is a 2-day certified workshop on core application security principles for application developers, aimed at product developers, architects, program managers and testers. C-WASP aims to equip trainees with platform- and technology-agnostic remediation strategies against application security vulnerabilities.

In addition to the updated concepts of the OWASP Top 10 – 2013, the workshop is replete with real-world case studies, demonstrations and hands-on exercises. The modules are designed to drive home the concept of building applications securely, irrespective of technology and platform.

Introduction to Web Application Security

Understanding the need for Web Application Security and the challenges faced by modern enterprises, including previous security incidents, high-profile hacks, etc.

Basic Concepts of Information Security

Information Security Concepts that form the bedrock of the understanding of Web Application Security.

Significant Web Application Breaches

An exploration of significant attacks against web applications, with a real-life case study.

Risk Assessment and Threat Profiling Modeling

A unique Risk Assessment and Threat Profiling/Modeling technique for Web Application Security, taken from the CTO’s book “Secure Java for Web Application Development”.

  • Web Application Risk Assessment
  • Exploring methods to perform Risk Assessment for Web Applications

Compliance Requirements for Web Application Security

Specific compliance requirements and their scope on Web Application Security.

OWASP Top 10

OWASP Top 10 Vulnerabilities, Testing Techniques and Mitigation Techniques.

Integrating Security into Application

Integrating Security into the Application Development Lifecycle (Secure SDLC).

Secure Coding Guidelines

Protecting against common Web Application Vulnerabilities and Penetration Techniques.

Web Application Security for Specific Frameworks

  • Web Application Security for Specific Frameworks.
  • Web Application Threat Analysis and Threat Modeling.
  • Identifying Threat Models for Web Applications and Integrating Security into the SDLC.

Hands-on Session

Hands-on Lab Session on major topics.

Certification Exam

The C-WASP program contains hands-on interactive sessions. Trainees attending these two programs are therefore required to bring their laptops. At no point during the program will the laptop need to be connected to the internet.

Certified Mobile Application Security Professional (C-MASP)

Course Duration – 9 hours / 1 Day

About the Program

C-MASP is a 2-Day workshop aimed at Mobile Application Developers (Android and iOS), Architects and Program Managers who are directly involved in the design, development and/or maintenance (enhancements) of applications and products on the Android platform.

The course aims to establish the secure development concepts and practices that should be taken into consideration during the product development lifecycle of Android-based applications.

Overview

  • Understanding Mobile Platform Architecture
    • iOS Security Perspective
    • Android Security Perspective
  • Application Security Concepts and Overview
  • Typical Mobile Attacks and Case Studies
  • Developing Mobile Security Policy – In line with company security policy
  • Mobile App Security vs Web App Security
  • Mobile Stack – Security Perspective
  • Mobile Library – Security Perspective
  • Mobile Application Framework – Security Perspective
  • Mobile Application Layer – Security perspective
  • Developing Secure Mobile Apps

Authentication
  • Application Signing
  • File System Access – Security Perspective
  • Web Services Authentication
  • Session Management on Android
  • Authentication Best Practices

Authorization
  • Web Services Authentication
  • Session Management on Android
  • Authentication Best Practices

Encryption and Data Protection
  • Encryption Overview – Security Practices
  • Protecting Data at Rest
  • Protecting Data in transit
  • Web Services Encryption Best Practices
  • Message Authentication and Non-Repudiation
  • Data Privacy Issues and Concerns

Secure Coding
  • Protecting against Web Services Attacks – SQL Injection, XSS
  • Protecting against File Inclusion Vulnerabilities
  • Error and Exception Management
  • API Level Security

Logging
  • Logging Practices – Device Logging
  • Centralized Logging Practices

BYOD and Device Administration
  • BYOD and Device Administration – Need and Overview
  • Device Admin API Coverage

Malware and Malware Prevention
  • Malware and Android Malware – Typical Malware
  • Typical Malware Behavior and Characteristics
  • Credit Card Skimmer example
  • Malware Prevention Practices for Apps

Certification Exam

The C-MASP program contains hands-on interactive sessions. Trainees attending these two programs are therefore required to bring their laptops. At no point during the program will the laptop need to be connected to the internet.
