Web Application Penetration Testing
The 8-day Web Application Penetration Testing course teaches participants the fundamentals of penetration testing web applications and how to exploit a variety of known vulnerabilities. Participants will be introduced to many techniques used by pentesters and will learn how to check for the most common security vulnerabilities, how to identify security bugs, and many other practical skills. The course is geared towards hands-on practitioners and includes a variety of live demonstrations and immersive exercise labs. This course features hands-on simulations provided by @Cywar – a gamified training and assessment platform by HackerU Solutions.
Upon course completion, participants will be able to:
-Test web applications and exploit a broad range of vulnerabilities
-Perform lesser-known functions and tricks in order to overcome seemingly impenetrable apps or web functions
-Perform JavaScript basics in order to run penetration tests on a broad level while understanding its impact on security at large
Description
Prerequisites:
-Knowledge of Information Security, Computer Networking, and Common Protocols is a must
-Familiarity with ethical hacking and/or infrastructure hacking
-Basic knowledge of web development (HTML, CSS, JavaScript, etc.) is an advantage but not required
Module-1:
Web Fundamentals
-Web Technologies Overview
-Browser tools & Debugging
-OWASP Top 10
Module-2:
Web Server Installation
-Apache Secure Installation
-Apache Secure Configuration
-Hardening Apache
Module-3:
Traffic Manipulation
-Burp Suite
-OWASP ZAP
-Web Site Enumeration
-Web Application Brute-Force Challenge
Module-4:
Web Cryptography
-HTTP vs HTTPS
-SSL vs TLS
-Cipher Suites
-OpenSSL – CA vs self-signed certificates
Module-5:
Introduction To Client-Side Attacks
-Reflected XSS
-Stored XSS
-DOM XSS
Module-6:
Authorization & Authentication
-CSRF
-Broken Authentication
-Broken Authorization
-Session Attacks
Module-7:
XML Attacks
-Configuring & Maintaining Databases
-MariaDB
-SQL Syntax
Module-8:
Maintaining Databases
-Error-Based SQL Injection
-Union-Based SQL Injection
-Data Exfiltration
-Injection Automation
Module-9:
Advanced SQLi
-Blind SQL Injection
-Time-based injection
-NoSQL injection
Module-10:
XML Injection
-XML Usage in Web Applications
-XXE
-SSRF
-SSRF through XXE
Module-11:
PHP Vulnerabilities
-PHP Programming
-PHP Vulnerabilities
-Insecure Input Filtration
Module-12:
LFI/RFI & Directory Traversal
-LFI
-RFI
-Directory Traversal
Module-13:
WordPress Hacking
-Content Management Systems
-WPScan
-WordPress Enumeration
Module-14:
File Upload
-File Upload
-PHP Shells
Module-15:
File Upload
-Nessus
-Qualys
-Writing Reports
Web Hacking Challenges
-Web Hacking Challenges (CyWar.HackerU.com)