Application Security Course

Prepared by Omar-Abdalhamid (Oct .2022)

Application security refers to security precautions used at the application level to prevent the theft or hijacking of data or code within the application. It includes security concerns made during application development and design, as well as methods and procedures for protecting applications once they've been deployed.

Course Overview

Application security is the process of developing, adding, and testing security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification.

All tasks that introduce a secure software development life cycle to development teams fall under application security, known for short as AppSec. Its ultimate purpose is to improve security practices and, as a result, detect, repair, and, ideally, avoid security flaws in applications. It covers the entire application life cycle, including requirements analysis, design, implementation, testing, and maintenance.

Course Outline

Day      Description
Day 1    Application Security Introduction
Day 2    Methodologies & VAPT
Day 3    Secure Coding [Input Validation & Session Management]
Day 4    Risk Rating, Threat Modeling, Encryption and Hashing
Day 5    DevSecOps

Course content

Day 1: Application Security Introduction

Overview: The first section of the course sets the stage with the fundamentals of web applications, such as the HTTP protocol and the various mechanisms that make web applications work. We then move on to web application architecture, which plays a big role in securing the application.

Topics:

  • Application Security Introduction

  • Application Security Terms and Definitions

  • Application Security Goals

  • OWASP WebGoat Demo

  • Introduction to OWASP Top 10

  • SANS Top 25 Threat

Day 2: Methodologies & VAPT

Methodologies for developing secure code:

  • Risk analysis

  • Threat modeling

  • Lab: Threat modeling exercise

  • OWASP community guidelines for secure coding

  • Verification testing

VAPT (Vulnerability Assessment and Penetration Test)

  • Introduction to HTTP Protocol

  • Overview of Web Authentication Technologies

  • Web Application Architecture

  • Recent Attack Trends

  • Web Infrastructure Security/Web Application Firewalls

  • Managing Configurations for Web Apps

  • Lab: Using Burp proxy to test web applications

Day 3: Secure Coding [Input Validation & Session Management]

Secure coding and input validation:

  • SQL Injection vulnerability

  • Lab: SQL Injection vulnerability Lab

  • LDAP and XPath Injection vulnerabilities

  • Cross-Site Scripting (XSS) vulnerability

  • Lab: Cross-Site Scripting (XSS) vulnerability Lab

  • OS Command Injection vulnerability

  • Lab: OS Command Injection vulnerability Lab

  • LFI (Local File Inclusion) and RFI (Remote File Inclusion) vulnerabilities

  • Lab: LFI / RFI vulnerabilities Lab

  • Unvalidated File Upload vulnerability

  • Lab: Unvalidated File Upload vulnerability Lab

  • Buffer Overflow vulnerabilities

  • XXE (XML External Entities) vulnerabilities

  • Lab: XXE (XML External Entities) Lab

  • Insecure Deserialization

Day 4: Risk Rating, Threat Modeling, Encryption and Hashing

Risk Rating and Threat Modeling:

  • Risk Rating Introduction

  • Lab: Risk Rating Demo

  • Introduction to Threat Modeling

  • Types of Threat Modeling

  • Introduction to Manual Threat Modeling

  • Lab: Manual Threat Model Demo

Encryption and Hashing:

  • Encryption Overview

  • Encryption Use Cases

  • Hashing Overview

  • Lab: Hashing Demo

  • PKI (Public Key Infrastructure)

  • Password Management

  • Lab: Password Demo

Day 5: DevSecOps

  • SAST (Static Application Security Testing)

  • Lab: SpotBugs Demo

  • SCA (Software Composition Analysis)

  • Lab: Snyk Open Source (SCA)

  • DAST (Dynamic Application Security Testing)

  • Lab: OWASP ZAP Scanning

  • IAST (Interactive Application Security Testing)

  • RASP (Runtime Application Self-Protection)

  • WAF (Web Application Firewall) Penetration Testing

Last updated 2 years ago
