Table of Contents
- Why Application Security?
- Modern application Vulnerabilities
- Web Pentesting Methodology
- Testing Authentication
- Testing Session Management
- Testing Secure Channels
- Testing Secure Access Control
- Sensitive Data and Information disclosure
- Testing Secure Data validation
- Attacking Application Users: Other Techniques
- Testing Configuration and Deployment
- Automating Custom Attacks
- Pentesting Tools
- Static Code Analysis
- Mitigations and Core Defense Mechanisms