This Course is available in the following format:
Web App Penetration Testing and Ethical Hacking Training – Hands-on
Web App Penetration Testing and Ethical Hacking Training Course helps students move beyond push-button scanning to professional, thorough, high-value web application penetration testing.
Web applications play a vital role in every modern organization. But, if your organization does not properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken impression that a web application security scanner will reliably discover flaws in their systems.
Students routinely show up to Web App Penetration Testing and Ethical Hacking Training having been demoralized by their organization’s web application vulnerability scanner. Sitting on the business end of these scanners, students regularly attest to 1,000+ pages of output littered with false positives. One of the most rewarding aspects of teaching Web App Penetration Testing and Ethical Hacking Training is seeing and hearing those very same students’ enthusiasm for applying the skills they have learned through the week to the applications they are responsible for securing. They intrinsically knew the push-button approach to penetration testing was failing them, but lacked the knowledge and skill to ably and efficiently perform any other style of assessment. We are happy to say that Web App Penetration Testing and Ethical Hacking Training remedies this problem. Students walk away from Web App Penetration Testing and Ethical Hacking Training class with a deep knowledge of key web application flaws and how to discover and exploit them, as well as how to present these findings in an impactful way.
● We can adapt this Web App Penetration Testing and Ethical Hacking Training course to your group’s background and work requirements at little to no added cost.
● If you are familiar with some aspects of this Web App Penetration Testing and Ethical Hacking Training course, we can omit or shorten their discussion.
● We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
● If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in manner understandable to lay audiences.
Audience / Target Group:
The target audience for this Web App Penetration Testing and Ethical Hacking Training course:
● General security practitioners
● Penetration testers
● Ethical hackers
● Web application developers
● Website designers and architects
The knowledge and skills that a learner must have before attending this Web App Penetration Testing and Ethical Hacking Training course are:
● Web App Penetration Testing and Ethical Hacking Training assumes students have a basic working knowledge of the Linux command line
What You Will Learn:
Upon completing this Web App Penetration Testing and Ethical Hacking Training course, learners will be able to meet these objectives:
• To apply a repeatable methodology to deliver high-value penetration tests.
• How to discover and exploit key web application flaws.
• How to explain the potential impact of web application vulnerabilities.
• The importance of web application security to an overall security posture.
• How to wield key web application attack tools more efficiently.
Web Penetration Testing and Ethical Hacking: Introduction and Information Gathering
Overview of the web from a penetration tester’s perspective
Exploring the various servers and clients
Discussion of the various web architectures
Discovering how session state works
Discussion of the different types of vulnerabilities
Defining a web application test scope and process
Defining types of penetration testing
Utilizing the Burp Suite in web app penetration testing
Web Penetration Testing and Ethical Hacking: Configuration, Identity, and Authentication Testing
Discovering the infrastructure within the application
Identifying the machines and operating systems
Secure Sockets Layer (SSL) configurations and weaknesses
Exploring virtual hosting and its impact on testing
Learning methods to identify load balancers
Software configuration discovery
Exploring external information sources
Learning tools to spider a website
Scripting to automate web requests and spidering
Brute forcing unlinked files and directories
Discovering and exploiting Shellshock
Web Penetration Testing and Ethical Hacking: Injection
Python for web app penetration testing
Web app vulnerabilities and manual verification techniques
Zed Attack Proxy (ZAP)
Information leakage and directory browsing
Local File Inclusion (LFI)
Remote File Inclusion (RFI)
Blind SQL injection
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
XML and JSON
Data binding attacks
Automated web application scanners
Web Penetration Testing and Ethical Hacking: CSRF, Logic Flaws and Advanced Tools
The sqlmap tool
Metasploit for web penetration testers
Exploring methods to zombify browsers
Browser Exploitation Framework (BeEF)
Leveraging attacks to gain access to the system
How to pivot our attacks through a web application
Understanding methods of interacting with a server through SQL injection
Exploiting applications to steal cookies
Executing commands through web application vulnerabilities
Walking through an entire attack scenario