
OWASP Top10 2017 Web Application Security Risks

Live Online | 20th Feb 2018, Tuesday | 4 hrs., 6 PM ET | Completion Cert. | Session Recording

Hack2Secure’s Live Online program on OWASP Top 10 (2017): Web Application Security Risks provides a practical
walk-through of some of the common and critical Web Application security concerns faced by organizations and guides
professionals through the consequences and the techniques to protect against these flaws.

Who Should Attend


• Software Development Team
  o Testing Engineer (QA/QE), Developers
  o Architects, Consultants
  o Leads, Managers, Research Engineers
• Software Security Team/Office
  o Security Engineers and Testers
  o Security Analyst, Penetration Testers
  o Security Consultants, Auditors
• Students, Looking to learn skills related with Web Application Security Assessment/Testing
• Anyone, Looking to explore Web Application Security Testing Tools, Techniques & Practices

Program Scope
Introduction
• About OWASP
• OWASP Top10 2017 Web Security Risks
• OWASP Risk Rating Methodology

A1:2017 - Injection
• About Injection Risk
  o SQL Injection: About, Root Cause
  o Command Injection: About, Root Cause
  o Demonstration of possible Risk Scenario
• Defensive Best Practices

A2:2017 - Broken Authentication
• Authentication: About, Schemes, Types
• Web Sessions: About, Use Cases
• Broken Authentication
  o About Risk
  o Demonstration of possible Risk Scenario
• Defensive Best Practices

A3:2017 - Sensitive Data Exposure
• About Risk
• Demonstration of possible Risk Scenario
• Defensive Best Practices

A4:2017 – XML External Entities (XXE)
• About XML External Entities & Associated Risk
• Demonstration of possible Risk Scenario
• Defensive Best Practices

A5:2017 – Broken Access Control
• Authorization: About, Access Control
• Broken Access Control
  o About Risk
  o Demonstration of possible Risk Scenario
• Defensive Best Practices

A6:2017 – Security Misconfiguration
• About Risk
• Demonstration of possible Risk Scenario
• Defensive Best Practices

A7:2017 - Cross Site Scripting (XSS)
• XSS Risk
  o About, Root Cause, Types
  o Demonstration of possible Risk Scenario
• Defensive Best Practices

A8:2017 – Insecure Deserialization
• About De-Serialization & Associated Risk
• Defensive Best Practices

A9:2017 - Using Components with Known Vulnerabilities
• About Risk
• Defensive Best Practices

A10:2017 – Insufficient Logging-Monitoring
• Accountability: About, Associated Risk
• Logging Best Practices

For more details, www.online.hack2secure.com | training@hack2secure.com


Hack2Secure’s Certification Programs
Web Application Security Defender
Evaluate your Web Security Essential Knowledge & Skills

Globally Available | Proctored | 180 mins. | 90 MCQ | Passing Grade: 60% | Exam Language: English

The Web Application Security Defender (WASD) Certificate program evaluates an individual's implementation-level skills
required for Web Application Security Assessment. It ensures the candidate's awareness of Application Security
Challenges, Risk, Tools, Techniques & methodologies, along with hands-on practical knowledge and skill sets.
For more details, www.hack2secure.com/wasd

Secure Web Application Development Lifecycle Practitioner
Evaluate your Skills in Secure Application Development

Globally Available | Proctored | 150 mins. | 90 MCQ | Passing Grade: 60% | Exam Language: English

The Secure Web Application Development Lifecycle Practitioner (SWADLP) Certificate program evaluates an individual's
implementation-level skills in the Security practices required to ensure Secure Application Development. This
program ensures the candidate's awareness of Application Security Challenges, Threats, Standards, Best Practices
and assurance methodologies, along with hands-on implementation-level knowledge and skill sets.
For more details, www.hack2secure.com/swadlp

www.hack2secure.com | certificate@hack2secure.com
About Hack2Secure
Hack2Secure excels in the “Information Security” domain and offers
customised IT Security programs, including Training, Services and
Solutions. Our programs are designed by industry experts and
tailored to specific needs. We help students, professionals
and companies with the knowledge, tools and guidance required to
be at the forefront of a vital and rapidly changing IT industry.
InfoSec Training
Vendor Independent, Customizable, Across Domains
Hack2Secure excels in delivering intensive, immersive security
training sessions designed to teach the practical steps necessary
for defending systems against dangerous security threats.
Our wide range of fully customizable training courses allows
individuals to master different aspects of Information Security as
per their industry requirements and convenience.
• Delivered Training to more than 15k+ Professionals Globally
• Vendor Independent programs aligned with Industry Security Practices and Requirements
InfoSec Certification
• Globally delivered and Proctored Security Certification programs with PearsonVUE
• Vendor Independent Programs based on Industry Security Standards and Practices

End-to-End InfoSec Services


Hack2Secure offers IT Security Professional Services to provide ways to stay ahead of Security
Threats through adaptive and proactive Security methods like
• Secure Software Development Lifecycle
• Secure Application Design & Threat Modeling
• Application Security Testing
• Network/Infrastructure Risk Assessment
• Consulting

Hack2Secure featured as:
• 25 FASTEST GROWING CYBER SECURITY COMPANIES IN INDIA (Source: The CEO Magazine, India)
• 10 BEST SECURITY COMPANIES in INDIA: 2017 (Source: Silicon Review Magazine, India)
• EXCELLENCE IN SECURITY TRAINING PROGRAMMES (Source: GDS Review Magazine)

+91 (80) 49 58 32 99 | +91 (80) 49 58 33 99

www.hack2secure.com | info@hack2secure.com
