OWASP Application Security Verification Standard (ASVS)



Course Information

  • Duration: 5 Days / 40 Hours
  • Certification: Participants will receive a Certificate of Competency upon successfully completing the course and passing the examination
  • Who Should Attend: IT Professionals, IT Engineers, Security Analysts, Cyber Security Engineers, Network Engineers, and anyone interested in learning Application Security

Course Objective

OWASP Application Security Verification Standard is designed for anyone interested in acquiring the advanced knowledge and technical know-how to develop and deploy Application Security in their organization.

Pre-Requisite

NA

Examination

Participants are required to attempt an examination upon completion of the course. This exam tests a candidate’s knowledge and skills related to OWASP Application Security based on the syllabus covered.

Module 1 Understanding OWASP Application Security
Topics Covered
  • Introduction to OWASP Framework
  • Introduction to the pre-development phase
  • Introduction to Development stage
  • Introduction to the Deployment stage
  • Introduction to Maintenance phase

Module 2 Web Security Testing
Topics Covered
  • Introduction to Web security testing
  • System identification and Web application platform
  • Identify weaknesses from SSL configuration
  • Identify weaknesses from the configuration section

Module 3 Deep Dive to Web Application Security Tools
Topics Covered
  • The spider tool
  • Google Hacking
  • Analysis of function flow and data flow
  • Overview of vulnerability search techniques
  • Use web proxies to detect and verify vulnerabilities
  • Use Burp Suite

Module 4 Techniques to Identify Security Loopholes
Topics Covered
  • Search for leaked information from the application
  • Collect user account information
  • Directory Traversal
  • SQL Injection Basics
  • Blind SQL Injection
  • XXE Injection
  • Code Injection

Module 5 Exploitation Techniques
Topics Covered
  • Exploiting techniques from injection vulnerabilities
  • Cross Site Scripting
  • Cross Site Request Forgery
  • Techniques for exploiting from XSS and CSRF vulnerabilities
  • Techniques to exploit errors on client-side (BeEF)

Module 6 Vulnerability Testing and Session Fixation
Topics Covered
  • Session Fixation
  • Session Vulnerabilities
  • Search and exploit unsafe reference objects
  • Search and exploit file manipulation vulnerabilities
  • Vulnerabilities related to redirect and forward system rights


OWASP Application Security Verification Standard (ASVS) involves rigorous usage of real-time case studies, role playing and group discussion.