Curso Java Applications - Security Testing


24h
Overview

Security testing requires considerable expertise in software security and a healthy level of paranoia, and that is what this course provides: strong engagement through many hands-on labs and real-life stories. This Java Applications - Security Testing course covers the common security problems of web applications following the OWASP Top Ten, but goes well beyond it, both in coverage and in detail. Special focus is given to finding all of the discussed problems during testing, and an overview of security testing methodology, techniques and tools is provided.

Objective

After completing this Java Applications - Security Testing course, you will be able to:

  • Become familiar with essential cyber security concepts
  • Understand the basics of web application security problems
  • Analyze the OWASP Top Ten in detail
  • Put web application security in the context of Java
  • Go beyond the low-hanging fruit
  • Understand security testing methodology and approaches
  • Become familiar with common security testing techniques and tools
  • Manage vulnerabilities in third-party components
  • Identify vulnerabilities and their consequences
  • Apply security best practices in Java
  • Apply input validation approaches and principles

Target Audience

  • Java developers and testers working on web applications

Prerequisites

  • General Java and web development, testing and QA

Materials

English/Portuguese/Hands-on lab

Course Content

Cyber security basics

  1. What is security?
  2. Threat and risk
  3. Cyber security threat types
  4. Consequences of insecure software

The OWASP Top Ten - 1

  • OWASP Top 10 - 2017
  • A1 - Injection
    1. Injection principles
    2. Injection attacks
    3. SQL injection
    4. SQL injection basics
    5. Attack techniques
    6. Content-based blind SQL injection
    7. Time-based blind SQL injection
    8. Input validation
    9. Parameterized queries
    10. Additional considerations
    11. Testing for SQL injection
  • Code injection
    1. OS command injection
    2. Using Runtime.exec()
    3. Using ProcessBuilder
    4. Testing for command injection
    5. Script injection
  • A2 - Broken Authentication
    1. Authentication basics
    2. Multi-factor authentication
    3. Authentication weaknesses - spoofing
    4. Spoofing on the Web
    5. Testing for weak authentication
    6. Password management
    7. Inbound password management
    8. Storing account passwords
    9. Password in transit
    10. Dictionary attacks and brute forcing
    11. Salting
    12. Adaptive hash functions for password storage
    13. Password policy
    14. NIST authenticator requirements for memorized secrets
    15. The dictionary attack
    16. The ultimate crack
    17. Exploitation and the lessons learned
    18. Password database migration
    19. (Mis)handling null passwords
    20. Testing for password management issues

Security testing - 1

  1. Security testing vs functional testing
  2. Manual and automated methods
  3. Security testing methodology
  4. Security testing - goals and methodologies
  5. Overview of security testing processes
  6. Identifying and rating assets
  7. Preparation
  8. Identifying assets
  9. Identifying the attack surface
  10. Assigning security requirements
  • Threat modeling
    1. SDL threat modeling
    2. Mapping STRIDE to DFD
    3. DFD example
    4. Attack trees
    5. Attack tree example
    6. Misuse cases
    7. Misuse case examples
    8. Risk analysis
    9. Security testing approaches
    10. Reporting, recommendations, and review

The OWASP Top Ten - 2

  • A3 - Sensitive Data Exposure
    1. Information exposure
    2. Exposure through extracted data and aggregation
  • A4 - XML External Entities (XXE)
    1. DTD and the entities
    2. Entity expansion
    3. External Entity Attack (XXE)
    4. File inclusion with external entities
    5. Server-Side Request Forgery with external entities
    6. Preventing XXE
  • A5 - Broken Access Control
    1. Access control basics
    2. Failure to restrict URL access
    3. Testing for authorization issues
    4. Confused deputy
    5. Insecure direct object reference (IDOR)
    6. Authorization bypass through user-controlled keys
    7. Testing for confused deputy weaknesses
  • File upload
    1. Unrestricted file upload
    2. Good practices
    3. Testing for file upload vulnerabilities
  • A6 - Security Misconfiguration
    1. Configuration principles
    2. Configuration management
    3. Testing for misconfiguration issues
  • A7 - Cross-site Scripting (XSS)
    1. Cross-site scripting basics
    2. Cross-site scripting types
    3. Persistent cross-site scripting
    4. Reflected cross-site scripting
    5. Client-side (DOM-based) cross-site scripting
    6. Protection principles - escaping
    7. XSS protection APIs in Java
    8. XSS protection in JSP
    9. Additional protection layers
    10. Client-side protection principles
    11. Testing for XSS

The OWASP Top Ten - 3

  • A8 - Insecure Deserialization
    1. Serialization and deserialization challenges
    2. Deserializing untrusted streams
    3. Using ReadObject
    4. Sealed objects
    5. Look ahead deserialization
    6. Testing for insecure deserialization
    7. Property Oriented Programming (POP)
    8. Creating payload
  • A9 - Using Components with Known Vulnerabilities
    1. Using vulnerable components
    2. Untrusted functionality import
    3. Importing JavaScript
    4. Vulnerability management
    5. Patch management
    6. Vulnerability databases
    7. DevOps, the build process and CI / CD
    8. Dependency checking in Java
  • A10 - Insufficient Logging & Monitoring
    1. Logging and monitoring principles
    2. Insufficient logging
    3. Plaintext passwords at Facebook
    4. OWASP security logging library for Java
  • Web application security beyond the Top Ten
    1. Client-side security
    2. Tabnabbing
    3. Frame sandboxing
    4. Cross-Frame Scripting (XFS) attack
    5. Clickjacking beyond hijacking a click

Security testing - 2

  • Security testing techniques and tools
  • Code analysis
    1. Security aspects of code review
    2. Static Application Security Testing (SAST)
  • Dynamic analysis
    1. Security testing at runtime
    2. Penetration testing
    3. Stress testing
    4. Dynamic analysis tools
    5. Dynamic Application Security Testing (DAST)
    6. Web vulnerability scanners
    7. SQL injection tools
    8. Proxy servers
    9. Fuzzing

Common software security weaknesses

  • Input validation
  • Input validation principles
    1. Blacklists and whitelists
    2. Data validation techniques
    3. What to validate - the attack surface
    4. Where to validate - defense in depth
    5. How to validate - validation vs transformations
    6. Output sanitization
    7. Encoding challenges
    8. Validation with regex
  • Unsafe reflection
    1. Reflection without validation