Web Application Security Training

7254 Learners

Web Application Security Training aims to give candidates insight into ModSecurity, whose profiler analyzes the traffic of web applications to develop profiles for implementing a robust security model. The training focuses on ModSecurity rules, which tend to detect most of the rampant web attacks and protect the information system from various forms of attack through mechanisms such as real-time analysis, logging and monitoring.

After completing the Web Application Security Training, candidates will be able to:

  • Understand how to integrate ModSecurity with Apache
  • Learn how to install and configure ModSecurity
  • Know all about performance, virtual patches and audit logs
  • Develop an understanding of blocking general attacks
  • Learn how to write rules in ModSecurity
  • Know how to protect web applications using different mechanisms
  • Understand what chroot jails are
  • Create and modify rules with REMO

Target audience

  • IT professionals who want to learn ModSecurity skills so that they can ensure the security of the organization's information assets.

Prerequisites

The prerequisites for the Web Application Security course:

  • Basic understanding of web application security issues
  • Knowledge of the basics of TCP/IP network operation
  • Understanding of the common web technologies and services

Web Application Security Training Course Content

1. Installation and Configuration

  • Unpacking the source code
  • Required additional libraries and files
  • Compilation
  • Testing your installation

2. Integrating ModSecurity with Apache

  • Integrating ModSecurity with Apache
  • Configuration file
  • Completing the configuration

3. Writing ModSecurity Rules

  • Variables and collections
  • Creating chained rules
  • Using @rx to block a remote host
  • Simple string matching
  • Matching numbers
  • More about collections
  • Transformation functions
  • Phases and rule ordering
  • Actions—what to do when a rule matches
  • Macro expansion
  • SecRule in practice
  • Blocking uncommon request methods
  • Restricting access to certain times of day
  • Detecting credit card leaks
  • Detecting credit card numbers
  • Executing shell scripts
    • Sending alert emails
    • Sending more detailed alert emails
    • Counting file downloads
    • Blocking brute-force password guessing

4. Performance

  • A typical HTTP request
  • A real-world performance test
  • The core rule set
  • Installing the core rule set
  • ModSecurity without any loaded rules
  • ModSecurity with the core ruleset loaded
  • Optimizing performance

5. Audit Logging

  • Enabling the audit log engine
  • Single versus multiple file logging
  • Determining what to log
  • Log format
  • Concurrent logging
  • Selectively disabling logging
  • Audit log sanitization actions
  • The ModSecurity Console

6. Virtual Patching

  • Creating a virtual patch
  • From vulnerability discovery to virtual patch:
  • Creating the patch
  • Changing the web application for additional security
  • Testing your patches
  • Cross-site scripting

7. Blocking Common Attacks

  • HTTP fingerprinting
    • How HTTP fingerprinting works
      • Server banner
      • Response header
      • HTTP protocol responses
    • Using ModSecurity to defeat HTTP fingerprinting
  • Blocking proxied requests
  • Cross-site scripting
  • Preventing XSS attacks
  • PDF XSS protection
    • HttpOnly cookies to prevent XSS attacks
  • Cross-site request forgeries
    • Protecting against cross-site request forgeries
  • Shell command execution attempts
  • Null byte attacks
    • ModSecurity and null bytes
  • Source code revelation
  • Directory traversal attacks
  • Blog spam
  • SQL injection
  • Preventing SQL injection attacks
  • Website defacement
  • Brute force attacks
  • Directory indexing
  • Detecting the real IP address of an attacker

8. Chroot Jails

  • What is a chroot jail?
  • A sample attack
  • Traditional chrooting
  • How ModSecurity helps jailing Apache
  • Using ModSecurity to create a chroot jail
  • Verifying that the jail works
  • Chroot caveats

9. REMO

  • Remo rules
  • Creating and editing rules
  • Installing the rules

10. Protecting a Web Application

  • Step 1: Identifying user actions
  • Step 2: Getting detailed information on each action
  • Step 3: Writing rules
  • Step 4: Testing the new ruleset
  • Blocking what's allowed—denying everything else
  • Cookies
  • Headers
  • Securing the "Start New Topic" action
  • The ruleset so far
  • The finished ruleset
  • Alternative approaches
  • Keeping everything up to date

11. Securing WebGoat (Vulnerable Web Application) with ModSecurity

+91 95550 06479

Available 24x7 for your queries

Web Application Security Corporate Training & Certification Program

Employee training and development programs are essential to the success of businesses worldwide. With our best-in-class corporate training you can enhance employee productivity and increase the efficiency of your organization. We offer the highest-quality content, created by global subject matter experts and tailored to match your company’s learning goals and budget.

Learn from the experts

Customized Training

Be it schedule, duration or course material, you can entirely customize the training depending on the learning requirements of your workforce. You can even choose a trainer from our team of certified industry experts.

Expert Mentors

Get trained by our team of highly skilled and certified trainers, who are officially accredited professionals with relevant industry experience and are adept at providing the knowledge and skills required to be successful.

360º Learning Solution

Engage your employees with our all-inclusive learning platform. Get the benefits of 24/7 access to the learning management system, industry-certified mentors, assessments and mock tests, real-time learning and more.

Learning Assessment

Check test scores and performance with our skills analysis tools. Our detailed scoreboard displays scores, areas of strength, detailed answers to questions and more for each employee.
