Web App Penetration Testing and Ethical Hacking Training



Course Overview:

Web App Penetration Testing and Ethical Hacking Training – Hands-on

The Web App Penetration Testing and Ethical Hacking Training course helps students move beyond push-button scanning to professional, thorough, high-value web application penetration testing.

Web applications play a vital role in every modern organization. But if your organization does not properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken impression that a web application security scanner will reliably discover flaws in their systems.

Students routinely show up to Web App Penetration Testing and Ethical Hacking Training having been demoralized by their organization’s web application vulnerability scanner. Sitting on the business end of these scanners, students regularly attest to 1,000+ pages of output littered with false positives. One of the most rewarding aspects of teaching Web App Penetration Testing and Ethical Hacking Training is seeing and hearing those very same students’ enthusiasm for applying the skills they have learned throughout the week to the applications they are responsible for securing. They intrinsically knew the push-button approach to penetration testing was failing them, but lacked the knowledge and skill to ably and efficiently perform any other style of assessment. We are happy to say that Web App Penetration Testing and Ethical Hacking Training remedies this problem. Students walk away from the Web App Penetration Testing and Ethical Hacking Training class with a deep knowledge of key web application flaws and how to discover and exploit them, as well as how to present these findings in an impactful way.

Customize it

● We can adapt this Web App Penetration Testing and Ethical Hacking Training course to your group’s background and work requirements at little to no added cost.
● If you are familiar with some aspects of this Web App Penetration Testing and Ethical Hacking Training course, we can omit or shorten their discussion.
● We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
● If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in a manner understandable to lay audiences.

Audience / Target Group:

The target audience for this Web App Penetration Testing and Ethical Hacking Training course:

● General security practitioners
● Penetration testers
● Ethical hackers
● Web application developers
● Website designers and architects

Class Prerequisites:

The knowledge and skills that a learner must have before attending this Web App Penetration Testing and Ethical Hacking Training course are:

● Web App Penetration Testing and Ethical Hacking Training assumes students have a basic working knowledge of the Linux command line

What You Will Learn:

Upon completing this Web App Penetration Testing and Ethical Hacking Training course, learners will be able to meet these objectives:

● How to apply a repeatable methodology to deliver high-value penetration tests.
● How to discover and exploit key web application flaws.
● How to explain the potential impact of web application vulnerabilities.
● The importance of web application security to an overall security posture.
● How to wield key web application attack tools more efficiently.

Course Outline:

Web Penetration Testing and Ethical Hacking: Introduction and Information Gathering

Overview of the web from a penetration tester’s perspective
Exploring the various servers and clients
Discussion of the various web architectures
Discovering how session state works
Discussion of the different types of vulnerabilities
Defining a web application test scope and process
Defining types of penetration testing
Heartbleed exploitation
Utilizing the Burp Suite in web app penetration testing

Web Penetration Testing and Ethical Hacking: Configuration, Identity, and Authentication Testing

Discovering the infrastructure within the application
Identifying the machines and operating systems
Secure Sockets Layer (SSL) configurations and weaknesses
Exploring virtual hosting and its impact on testing
Learning methods to identify load balancers
Software configuration discovery
Exploring external information sources
Learning tools to spider a website
Scripting to automate web requests and spidering
Brute forcing unlinked files and directories
Discovering and exploiting Shellshock

Web Penetration Testing and Ethical Hacking: Injection

Python for web app penetration testing

Web app vulnerabilities and manual verification techniques

Interception proxies
Zed Attack Proxy (ZAP)
Burp Suite
Information leakage and directory browsing
Username harvesting
Command Injection
Directory traversal
Local File Inclusion (LFI)
Remote File Inclusion (RFI)
SQL injection
Blind SQL injection
JavaScript for the attacker

Web Penetration Testing and Ethical Hacking: JavaScript and XSS

Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Session flaws
Session fixation
AJAX
XML and JSON
Logic attacks
Data binding attacks
Automated web application scanners
w3af

Web Penetration Testing and Ethical Hacking: CSRF, Logic Flaws and Advanced Tools

The sqlmap tool
Metasploit for web penetration testers
Exploring methods to zombify browsers
Browser Exploitation Framework (BeEF)
Leveraging attacks to gain access to the system
How to pivot our attacks through a web application
Understanding methods of interacting with a server through SQL injection
Exploiting applications to steal cookies
Executing commands through web application vulnerabilities
Walking through an entire attack scenario
