contact@mobignosis.com India: +91 - 9900001329 | US: +1-302-648-5553.

Cyber Security Training – Web & Mobile Apps

About Cyber Security Training

Cyber application security training explores cyber security requirements and uncovers vulnerabilities in Web & Mobile Applications (iOS, Android & Windows Phone) through static and dynamic cyber security testing. It covers mobile security concerns, technical issues with mobile platforms, cyber security policies, and solutions.

Course Duration

5 days

Course Pre-Requisites

➔    Targeted Audience: Web Developers, Software Engineers, Engineering Graduates and Graduates from Computer Science/IT

Cyber Security Training Syllabus - Web & Mobile Apps

1. Introduction to Cyber Security and Cyber Security principles

  • Information Cyber Security and Ethical Hacking
  • Cover the CIAAA (Confidentiality, Integrity, Authentication, Authorization and Availability) in depth, enabling the audience to gain an appreciation for their importance, bridging it to their business impact if compromised.
    • Cyber Security framework
    • Cyber Security standards
  • Cover basic access control models (DAC, MAC, Bell-LaPadula, U.S. Military Data Classification models, etc.).

 

3. Cyber Security in Software Architecture

  • Identity management
  • Authentication
  • Authorization
  • Logging and auditing
  • Maturity models

 

5. Web Application Cyber Security

  • Securing Authentication
  • Securing Session Management
  • Securing Access Control
  • Avoiding Malicious Input Control
  • Securing Cryptography at Rest
  • Secure Error Handling and Logging
  • Data Protection
  • Communication Security
  • HTTP Security
  • Malicious Controls
  • Business Logic Security
  • Securing Files and Resources
  • CSP, HSTS, CORS

 

7. Mobile Application Security

  • OWASP Mobile Top 10 – Cover these in detail. Give examples of where these were exploited and the degree of harm they caused.
  • For Android – Give a glimpse of the Open Android Security Assessment Methodology
    • Cyber Security model in Android platform
    • Identifying and testing for cyber security flaws
  • For iOS – Give a glimpse of the iOS Application Security
    • Cyber Security model in iOS platform
    • Identifying and Testing for cyber security flaws

9. Mobile Application Primer

  • Coding Practices
  • Handling Sensitive Data
  • Caching and Logging
  • iOS
  • Android
  • Servers

 

11. Database

  • Introduction
  • Overview of Common Database Attacks
  • Pentesting MSSQL Databases
  • Pentesting Oracle Databases
  • Pentesting MySQL Database
  • Pentesting Mongo Database
  • Securing Databases

2. Cyber Security Software Development Lifecycle

  • Integrating cyber security into software development lifecycle
  • About Secure SDLC
  • Cyber Security in Agile environments
  • DevOps Security

 

4. Cryptography and Common Protocols

  • Symmetric and Asymmetric cryptography
  • Hashing and MAC
  • SSL/TLS – This should be top priority. Merge this with the idea of HTTPS. Explain the protocol.
  • Cover Public key infrastructure.
  • Properly implement transport-level security in software
  • Password security
  • Key management – (Cover recommendations of FIPS 140-2)

 

6. API Security Testing

  • Overview of APIs
  • Types of API
  • API testing
  • Test Harness
  • Requirement of Command Line Tools or scripting
  • Web API testing
  • Web Services API Testing
  • Challenges of API Testing
  • Best Practices in the API Testing
  • Case study
  • API test tools – SoapUI

 

8. SAST and DAST in Mobile Security Testing

  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)

 

10. Cloud Application

  • Introduction
  • Cloud Benefits
  • Different types of cloud
  • Cloud Adoption stages
  • Applications Deployed in the Cloud
  • Cloud top ten risks

 

12. Network

  • Introduction
  • Kali Linux
  • Bash Environment
  • Port Scanning
  • The Essential Tools
  • Wireshark
  • Buffer Overflow and Exploitation
  • Working With Exploits
  • Transferring Files
  • Privilege Escalation
  • Client Side Attacks
  • Port Fun
  • Exploit Frameworks
  • Password Attacks