Table of Contents

  1. Why Application Security?
  2. Modern application Vulnerabilities
  3. Web Pentesting Methodology
  4. Testing Authentication
  5. Testing Session Management
  6. Testing Secure Channels
  7. Testing Secure Access Control
  8. Sensitive Data and Information disclosure
  9. Testing Secure Data validation
  10. Attacking Application Users: Other Techniques
  11. Testing Configuration and Deployment
  12. Automating Custom Attacks
  13. Pentesting Tools
  14. Static Code Analysis
  15. Mitigations and Core Defense Mechanisms