Unit 1: Application Types

  • Client/Server Applications
  • Components of Client/Server Applications (Logical & Physical Architecture)
  • Web Applications
    • About Web Applications
    • Technologies used to create Web Applications
    • Components of Web Application Architecture
  • Data Warehouse Applications
    • About DW Applications
    • Uses
    • Physical & Logical Architecture
  • Management Information Systems

Unit 2: Web application security

  • Introduction to web applications
    • Primer
    • OWASP Top 10 vulnerabilities
    • Mitigation techniques
  • Web Application Security Fundamentals
    • What Do We Mean By Security?
    • The Foundations of Security
    • Threats, Vulnerabilities, and Attacks Defined
    • How to Build a Secure Web Application
  • Secure Your Network, Host, and Application
    • Securing Your Network
    • Network Component Categories
    • Securing Your Host
    • Host Configuration Categories
  • Securing Your Application
    • Application Vulnerability Categories
    • Security Principles

Unit 3: Threats and Countermeasures

  • Overview: Anatomy of an Attack
    • Survey and Assess
    • Exploit and Penetrate
    • Escalate Privileges
    • Maintain Access
    • Deny Service
  • Understanding Threat Categories
    • STRIDE
    • STRIDE Threats and Countermeasures
  • Network Threats and Countermeasures
    • Information Gathering
    • Sniffing
    • Spoofing
    • Session Hijacking
    • Denial of Service
  • Host Threats and Countermeasures
    • Viruses, Trojan Horses, and Worms
    • Footprinting
    • Password Cracking
    • Denial of Service
    • Arbitrary Code Execution
    • Unauthorized Access
  • Application Threats and Countermeasures
    • Input Validation
    • Buffer Overflows
    • Cross-Site Scripting
    • SQL Injection
    • Canonicalization
  • Authentication
    • Network Eavesdropping
    • Brute Force Attacks
    • Dictionary Attacks
    • Cookie Replay Attacks
    • Credential Theft
  • Authorization
    • Elevation of Privilege
    • Disclosure of Confidential Data
    • Data Tampering
    • Luring Attacks
  • Configuration Management
    • Unauthorized Access to Administration Interfaces
    • Unauthorized Access to Configuration Stores
    • Retrieval of Plaintext Configuration Secrets
    • Lack of Individual Accountability
    • Over-privileged Application and Service Accounts
  • Sensitive Data
    • Access to Sensitive Data in Storage
    • Network Eavesdropping
    • Data Tampering
  • Session Management
    • Session Hijacking
    • Session Replay
    • Man in the Middle Attacks
  • Cryptography
    • Poor Key Generation or Key Management
    • Weak or Custom Encryption
    • Checksum Spoofing
  • Parameter Manipulation
    • Query String Manipulation
    • Form Field Manipulation
    • Cookie Manipulation
    • HTTP Header Manipulation
  • Exception Management
    • Attacker Reveals Implementation Details
    • Denial of Service
  • Auditing and Logging
    • User Denies Performing an Operation
    • Attackers Exploit an Application Without Leaving a Trace
    • Attackers Cover Their Tracks

Unit 4: Mobile application security

  • Mobile Platforms
    • Top issues facing mobile devices
    • Secure mobile application development
    • Android security
    • iOS Security
    • Windows, BlackBerry & Java Mobile Security
    • Symbian OS security
    • WebOS security
    • WAP and mobile HTML Security
    • Bluetooth security
    • SMS Security
    • Mobile Geolocation
    • Enterprise Security on Mobile OS
    • Mobile Malware
    • Mobile security penetration testing
    • Encryption and authentication
    • Mobile privacy concerns

Unit 5: Threat Modeling

  • Overview
    • Threat Modeling Principles
    • The Process
    • The Output
  • Step 1. Identify Assets
  • Step 2. Create an Architecture Overview
    • Identify What the Application Does
    • Create an Architecture Diagram
    • Identify the Technologies
  • Step 3. Decompose the Application
    • Identify Trust Boundaries
    • Identify Data Flow
    • Identify Entry Points
    • Identify Privileged Code
    • Document the Security Profile
  • Step 4. Identify the Threats
    • Identify Network Threats
    • Identify Host Threats
    • Identify Application Threats
    • Using Attack Trees and Attack Patterns
  • Step 5. Document the Threats
  • Step 6. Rate the Threats
    • Risk = Probability * Damage Potential
    • High, Medium, and Low Ratings
    • DREAD
  • What Comes After Threat Modeling?
    • Generating a Work Item Report

Unit 6: Application security standards and checklist

  • Application security checklist NIST
  • OWASP security checklist
  • OWASP Application Security Verification Standard