7Safe - Certified Security Testing Professional (CSTP) - Ethical Hacking II
ONSITE TRAINING
The course introduces delegates to the exploitation and security auditing of web applications. It also reinforces and develops techniques from CSTA. Web application vulnerabilities can pose serious problems to an organisation’s security. Many do not realise how much control an attacker can gain via a simple flaw in the security of a public-facing web application. The CSTP commands industry recognition and forms part of 7Safe’s ground-breaking Masters-level education programme.

What you will learn

  • Review of professional penetration testing tools
  • Further exercises against Windows and UNIX targets
  • The Metasploit framework
  • Web application security, including:
  • SQL Injection
  • Cross-site scripting (XSS)
  • Cross-site request forgeries (CSRF)
  • Threats to users

Who should attend

Those responsible for, or with an interest in, the security of IT systems and web applications, including (but not limited to): System/Network Administrators, Crime Prevention & Protection Officers, Auditors, Security Officers, Information Security Professionals & Pen-Testers.

Prerequisites

  • Prior attendance on the CSTA Ethical Hacking: Hands-On training course (or equivalent) is strongly recommended
  • A basic understanding of HTTP & HTML is useful


Course Outline:


INFRASTRUCTURE PENETRATION TESTING


  • Use of the Nikto web server scanner & Nessus
  • Remote registry hacking & silent RAT installation
  • Understand the Metasploit Framework, including the powerful Meterpreter payload

HACKING WEB APPLICATIONS

  • Find & assess weaknesses in PHP & ASP.NET web applications
  • Learn how you can use SQL injection to bypass authentication & reveal confidential information
  • Gain SYSTEM level access to a web server hosting a poorly secured web application
  • Learn what web application vulnerability scanners can and can’t do to map out weaknesses in web applications
  • Practical injection techniques used to glean, manipulate & corrupt data
  • Test and exploit web applications using HTTP request & response modification
  • Launch attacks using an HTTP proxy
  • Further attacks using extended stored procedures

CLIENT-SIDE ATTACKS

  • Discover the potential severity of the often underestimated XSS vulnerability
  • Understand cross-site request forgeries
  • Common browser & e-mail client hacking techniques used to target Internet users
  • Attack a Windows XP Workstation
  • Enhance attacks through e-mail spoofing
  • Use XSS with session cookie theft to compromise a user’s online identity and steal confidential information
  • Launch a web application dictionary attack
  • Use Metasploit’s autopwn to automatically attack a user’s browser