Security testing and awareness
In the Information Age, the need for security is ubiquitous, yet it is often neglected in favour of presentation. An application not only has to deliver a smooth user experience; it must also protect its users' data.
The most obvious risks for web applications are sensitive data exposure and unauthorized access. A single vulnerability can expose an entire database and, in the worst case, hand an attacker full control of a backend server. The consequences range from downtime of the application to leaked personal data that can be used for extortion or result in litigation.
The OWASP Foundation (Open Web Application Security Project) maintains an extensive body of documentation and guidance for security testing. Roughly every three to four years it publishes the OWASP Top 10, a ranked list of the most critical security risks to web applications.
PortSwigger’s Burp Suite is an intercepting proxy and toolkit for scanning and manually penetration testing web applications.
In this workshop you will go through the current OWASP Top 10 and get hands-on experience with Burp Suite, learning the basic concepts of web application security and how to test for each of these risks. The course is useful for builders (developers), breakers (testers, red team), and defenders (DevOps and SRE, blue team). The target application for the practical exercises is OWASP Juice Shop, an OWASP flagship project: a deliberately insecure web application built for security training.
What do you need before attending the course?
- Basic experience with development, databases, and testing
- Familiarity with browser developer tools
- A laptop with Burp Suite installed (free Community edition, or a Professional trial)
- A running OWASP Juice Shop instance (deployed to Heroku, or run locally with Node.js or Docker)
What will you learn?
- A general introduction to security testing
- The theoretical concepts of each of the OWASP Top 10 entries, with examples and prevention
- Hands-on exercises in Burp Suite, tailored to the OWASP Top 10
- How to continue your journey into security testing