Static Application Security Testing

Do you know every 1000 lines of code have 4-7 vulnerabilities, which cannot be identified during regular software testing methodologies? One must identify the vulnerabilities by performing the SAST post covering the code into .exe. SAST is nothing but carrying out line by line code review to identify a vulnerability or improperly written piece of code. CyberGnan has come up with a custom designed SAST training course covering the approach, methodology, and tools needed for performing a secure code review.

Course outline:

Introduction to SAST

  1. Blocks of Application
  2. Application Security Principals & OWASP Top 10
  3. Why & How SAST?
  4. Objective & Benefits


Secure Code Review Approaches

Vulnerability Analysis:

  1. Bypassing Authentication
  2. Bypassing Authorization
  3. Database Issues (Injections, Stored Procedures, Persistence Frameworks, etc.)
  4. Session Management
  5. Input Validation
  6. Password Methods
  7. Wireshark Cain and Abel

Parallel Hands on Session
Assorted Topics (Logging, Cryptography, etc.)
Reporting & Recommendations

Hands on:

  1. Open Source Tools
  2. Automated & Manual Analysis
  3. Removal of False Positives
  4. Overview of N/W & Web Vulnerability Assessment

For more details about the course outline, please contact us today.