Course Overview

Gain expertise in OWASP tools, insecure deserialization, clickjacking, API security, and related methodologies. Develop skills in black-box and white-box testing, fuzzing, cryptography, digital signatures, patch management, and more.

Course Curriculum

Course Content

  • IITM CS - Application and Web Application Security

    • Lesson 01: Core Concepts in Web Application Security

      • 1.01 Introduction to Application
      • 1.02 Web Application
      • 1.03 Understanding LAMP and XAMPP
      • 1.04 Public Key Infrastructure (PKI)
      • 1.05 Wildcard Certificates
      • 1.06 Encryption
      • 1.07 Application Monitoring & Logging
    • Lesson 02: Scope of Secure software requirement

      • 2.01 Requirements to Ensure Software Security: Overview
      • 2.02 Secure Software Requirements
      • 2.03 General Security Requirements
      • 2.04 Operational Security Requirements
      • 2.05 Deployment Environment Requirements
      • 2.06 Archiving Requirements
      • 2.07 Anti-Piracy Requirements: Overview
      • 2.08 Sequencing and Time Requirements
      • 2.09 Best Practices for Ensuring Integrity of Applications source code
      • 2.10 Obfuscation
      • 2.11 Anti-Reversing Techniques
      • 2.12 Importance of code Signing
    • Lesson 03: Implementing security in web application

      • 3.01 OWASP Top 10: Strengthening Web Application Security
      • 3.02 Understanding Broken Access Control
      • 3.03 Understanding Cryptographic Failures
      • 3.04 Overview of Injection
      • 3.05 Blueprints of Vulnerability: The Risks of Insecure Design
      • 3.06 The Dangers of Security Misconfiguration
      • 3.07 The Risk of Vulnerable and Outdated Components
      • 3.08 Identification and Authentication Failures
      • 3.09 Software and Data Integrity Failures
      • 3.10 Security Logging and Monitoring Failures
      • 3.11 Exploring Server-Side Request Forgery (SSRF)
    • Lesson 04: Weaknesses in AppSec

      • 4.01 2024 CWE Top 25: The Pinnacle of Software Weakness
      • 4.02 Building Resilient Systems: Secure Software Development Lifecycle (SDLC)
      • 4.03 Threat Modeling in Secure SDLC
    • Lesson 05: Application Security

      • 5.01 Secure Software Testing
      • 5.02 Overview of Static Application Security Testing (SAST)
      • 5.03 Overview of Dynamic Application Security Testing (DAST)
      • 5.04 Overview of Interactive Application Security Testing (IAST)
      • 5.05 Overview of Penetration Testing
    • Lesson 06: Common Vulnerabilities in Application Security

      • 6.01 Overview of Application Vulnerabilities
      • 6.02 Overview of Buffer Overflow
      • 6.03 Overview of Integer Overflow
      • 6.04 Overview of Format String Vulnerabilities
      • 6.05 Overview of Privilege Escalation
      • 6.06 Overview of Command Injection Attacks
      • 6.07 Overview of SQL Injection Attacks
      • 6.08 Overview of Cross-Site Scripting (XSS) Attacks
    • Lesson 07: Securing the Future: Threat Identification and Risk Mitigation Frameworks

      • 7.01 Overview of Cybersecurity Threats and Risks
      • 7.02 Overview of Attack Vectors and Methods
      • 7.03 Techniques and Tools for Identifying System Vulnerabilities
      • 7.04 Overview of Regular Assessments and Updates
      • 7.05 Overview of Cyber Risk Metrics and Computation Methods
      • 7.06 Utilizing Excel for Risk Scenario Modeling
      • 7.07 Overview of Risk Scores
      • 7.08 Overview of Risk Prioritization and Mitigation Planning
    • Lesson 08: Cyber Resilience and Cybersecurity Maturity Models

      • 8.01 Overview of Cyber Resilience
      • 8.02 Strategies to Enhance Resilience Against Cyber Attacks
      • 8.03 Importance of Recovery Planning and Incident Response
      • 8.04 Overview of Cybersecurity Maturity
      • 8.05 Overview of Cybersecurity Models and Frameworks

Why Join this Program

  • Develop skills for real career growth: Cutting-edge curriculum designed in guidance with industry and academia to develop job-ready skills
  • Learn from experts active in their field, not out-of-touch trainers: Leading practitioners who bring current best practices and case studies to sessions that fit into your work schedule.
  • Learn by working on real-world problems: Capstone projects involving real world data sets with virtual labs for hands-on learning
  • Structured guidance ensuring learning never stops: 24x7 Learning support from mentors and a community of like-minded peers to resolve any conceptual doubts