OWASP TOP 10 Based
Training Course ^*

Bonsai’s OWASP Top 10 Based Training Course focuses on the most risky Web vulnerabilities that can be found in the wild. During this one-day course you are going to attend a series of lectures followed by some hands-on practices and demonstrations. On each practice you will identify vulnerabilities and challenge your understanding on exploiting said vulnerabilities.

This course was developed so that participants with various levels of knowledge can benefit from it as much as possible.

Our training experience helped us create the best OWASP Top 10 Based Training Course, which is oriented in PCI Standard for Payment Applications.

Bonsai’s OWASP TOP 10 Based Training Course was specially designed to meet the essential security needs of Web application developers, QA testers and computer information security experts.

Objectives

Provide the attendees with the knowledge, tools, resources and necessary techniques to understand the different types of Web vulnerabilities in the OWASP Top 10.

Understand the vulnerabilities in a theoretical and practical aspect to be able to identify and fully understand them.

Apply the tools and techniques used by the professionals in a controlled environment with a hands-on methodology an live demonstrations.

Course contents

1. OWASP Top 10
1. Introduction
2. Risk management
3. PCI Security Council & OWASP


2. Basics for safe Web Application development
1. Tainted variables
2. Sensitive sinks
3. Validation functions


3. A1 - Injection
1. Interpreters
2. OS Commanding
3. SQL Injection
4. Login Bypass
5. Blind SQL Injection
6. SQL Injection Countermeasures
7. LDAP Injection
8. XPath / JSON Injection


4. A2 - Cross-site Scripting (XSS)
1. Reflexive and persistent
2. Advanced techniques


5. A3 - Broken authentication and session management
1. Cookies
2. Attacking session
3. Session Fixation
4. Session Prediction


6. A4 - Insecure direct object reference
1. Authorization control in objects
2. Path Traversal
3. Null byte


7. A5 - Cross-site Request Forgery (XSRF)


8. A6 - Security Misconfiguration
1. Backup files
2. Local databases
3. Hidden HTML fields
4. Directory Enumeration
5. Directory Indexing


9. A7 - Insecure Cryptographic Storage


10. A8 - Failure to Restrict URL Access


11. A9 - Insufficient Transport Layer Protection
1. Digital Certificates
2. HTTPS Protocol


12. A10 - Unvalidated Redirects and Forwards

Deliverables

The training deliverables include:

1. Booklet with training course slides
2. Live CD with the Web Application Security tools used during the training
3. VMware image with the training environment
4. Certificate of completion
5. OWASP Top 10 Cheat-sheet

Trainer

The training will be delivered by Nahuel Grisolía, an expert in the Web Application Security field, with more than four years of on the field and research experience with the support of Andrés Riancho, Bonsai Information Security founder..

Additional information

The training is going to be delivered on April 15 (9:00 to 18:00) in Av. Rivadavia 413 - 4th floor, Capital Federal.

The payment methods available are: Cash, Bank transfer, Paycheck y Dinero Mail.

$1.100 ARS + TAX. Reserve your place !

Reserve your place ! 15% Discount before March, 21st

Get group discounts !

^* This is an unofficial training course

If you have any other questions, contact us.

• Quick Links

  • OWASP TOP 10
  • Penetration Test Training
  • w3af Training
  • Web Application Penetration Testing
  • Penetration Testing

• News and Updates

  • Capture the Captcha – And the winner is…

  • Android Application Penetration Testing

  • Capture the Captcha – It’s now Online !