Saturday, 5 October 2024

New Certification Study - SANS 522

Happy to announce that I have enrolled on the SANS 522 course for Web Security. I will keep updating my blog on what has been learned so far.


Introduction

  • Instructor is Jason Lam 
  • The course comes with six books in PDF and hardcopy format
  • I opted in for purchasing the exam voucher and two practice tests
  • The course gives a VM so you can practice
  • It also has on-demand videos for each module and topic


Book 1:

  • Focuses on misconfigurations
  • Architecture security
  • Basics of how the web works
  • SSRF
  • HTTP methods

Book 2:
  • Input validation
  • Injection attacks and their mitigations
  • CSRF and other attacks including defences
  • File upload functionality
  • Unicode attacks


Book 3:

  • Authentication security
  • Authorization security
  • SAML/OAuth security


Book 4:

  • Frontend security
  • AJAX security
  • Web services
  • NodeJS security
  • Clickjacking
  • Browser security


Book 5:

  • API security
  • GraphQL security
  • Deserialization

The link for the course is here:

https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices/


