Detailed Course Outline
Day 1
Authorization
- Session Management
- Logical Flaws
- Web Server Misconfiguration
- Application Server Misconfiguration
- HTTP Methods
- SSL and MITM attacks
Cross Site Issues
- Cross Site Scripting
- Cross Site Request Forgery
- Session Fixation
- CRLF Injection
- Flash and Cross Domain Issues
Day 2
Server Side Issues
- SQL Injection
- File Uploads
- Server Side Includes
- File Inclusion
- Direct Object Reference
- OS Code Execution
Best Security Practice
- HSTS
- Content Security Policy
- Defence in Depth