This 3-day hands-on web security training will cover the fundamentals of web security, including common web security vulnerabilities such as SQL injection, cross-site scripting, CSRF, and more. Participants will learn how to set up a virtual lab environment to simulate web vulnerabilities and practice exploiting them. The training will also cover web application vulnerability scanning techniques and topics such as authentication and authorization, session management, and secure coding practices. Additionally, the training will cover supply chain attacks and their impact on web security. Throughout the training, there will be case studies and examples of real-world web security breaches to illustrate the importance of web security and the impact of vulnerabilities. The lab exercises will provide hands-on experience with identifying and exploiting vulnerabilities, as well as implementing best practices to prevent them.
Training level: Basic; Intermediate
Day 1: Introduction to Web Security
Day 2: Web Application Vulnerability Scanning
Day 3: Threat Modeling & Supply Chain Attacks
Please install the following software on your laptop in advance. This will let you check that your laptop supports the listed software.
Anyone with an interest in Information Security and who's not averse to Docker or Robot Framework can choose to attend the session.
Expect that some amount of time will be spent on understanding the minimum required basics for Docker, Robot Framework, and other tools (e.g., intercepting proxy). All of this knowledge will help you in setting up your own lab and understanding the nature of various security vulnerabilities.
You will receive a well-documented instruction manual that will cover details of the training contents.
Do not expect the trainer to resolve Internet issues or laptop configuration issues. Please do NOT bring very old laptops that do not support the latest technologies/software.
Riddhi Shree is an information security enthusiast, currently working as technical lead for the product security team at Qualcomm. She has professional experience in software testing, web app pen testing, and Android and iOS app pen testing. Other than information security, she also has experience in web and mobile app development. She has created a cloud-based vulnerable Android app, called VyAPI, that demonstrates the OWASP Mobile Top 10 vulnerabilities. In the past, she led community activities for open security communities like the null Bangalore chapter and Winja. Having an interest in capture-the-flag events, she has organized and led a team of passionate volunteers for several Winja CTF events, both online and offline. She has given talks and training at various security conferences, including BSides (Delhi), c0c0n (Kochi), Nullcon (Goa), ISC2 (Bangalore), HITB (Abu Dhabi), Wicked6, and Texas Cyber Summit.