Professional Web Application Penetration Tester

Summary

Web App Penetration Testing and Ethical Hacking V1.1

  • In this course the student will develop their full capabilities as a pentester specialized in evaluating web applications
  • This course provides in-depth analysis of the phases, methodology and techniques used during web application pentesting
  • The course material includes access to the academy, complementary material, exercises, videos and access to laboratories
  • On-line instructors to answer questions and provide follow-up
  • The course is 100% practice-oriented, providing a large infrastructure with real vulnerabilities ready to be exploited
  • Theoretical and practical exams
  • 90 Days of labs
  • 30% discount for ICPP+ if you pass this certification
Pre-Requisites

  • Understanding of HTML, HTTP and JavaScript.
  • The ability to read and understand PHP, Java, .NET or Python code is helpful but not mandatory.
  • Basic development skills required.
Information

COURSE INFORMATION

  • Teaches the student how to prevent the most common flaws listed in the OWASP Top 10
  • The complete and varied exercises help to put the acquired knowledge into practice
  • At the end of the course there will be a series of exams, and once they have been passed the student will be awarded the certification.
Material

  • +5 hours of video
  • Virtual training platform
  • Practical exercises and concept tests
  • Access to different frameworks where you can practice with different technologies
  • Online teachers to answer questions and follow-up
  • Theoretical and practical final exams to obtain the ICPWAP certification
  • Private access to laboratories 24×7 via VPN
This training course is for

  • Pentesters
  • IT Professionals
  • Managers / Team Leaders
  • Web Application Developers
  • Security enthusiasts who want to expand their knowledge
You will be able to

Upon completion of this course you will be able to:

  • Apply a detailed methodology in your web application penetration tests: reconnaissance, application mapping, discovery and exploitation
  • Successfully analyze the results of the tools.
  • Validate the findings, determine their impact on the business and eliminate false positives
  • Discover and exploit web vulnerabilities manually
  • Discover and exploit the OWASP Top 10 2017 flaws and determine the true risk to the organization
  • Create configurations and use tools to streamline the process
  • Explain the impact on the organization when exploitation is successful.
  • Analyze the traffic between the client and the server application
  • Manually discover and exploit cross-site request forgery attacks (CSRF)
  • Perform a full web penetration test on CMS and web applications
Hands-on Training

Practice in real environments on the training platform

  • Web authentication evaluation
  • Reflected XSS
  • Stored XSS
  • Blind SQL injection
  • SOAP attacks
  • XXE attacks
  • Error-based SQL injection
  • CSRF attacks
  • SQLMAP tool
  • Session hijacking
  • User enumeration
  • HTML injection
  • Remote file inclusion
  • Local file inclusion
  • Command Injection
  • Learn Burp Suite and much more

VIRTUAL LABS

The most sophisticated virtual lab on Penetration Testing is now made available to practice as securely and realistically as possible, simulating real situations in the everyday life of a professional pentester. The student will connect via VPN to the remote virtual lab network where vulnerable workstations/servers will be made available for testing.

Corporate & Groups

An annual or personal license for continuous learning in iHackLabs, with a Supervisor Dashboard for monitoring students' progress and a discount for volume purchases

Individuals

ICPWAP
599€

Web Applications

Module 1: Introduction to Pentest Web
Module 2: Phases of Gathering
Module 3: Client Side Controls
Module 4: Session Management
Module 5: Injections
Module 6: Backend Services
Module 7: Attacks on Users
Module 8: Web Infrastructure
Module 1: Introduction to Pentest Web
  • Basic concepts of a web penetration test
  • Phases of a web pentest and its development
  • Current context, most used tools and most used work methodologies
  • Fingerprinting, most used frameworks, web architecture and attack methods
  • Concept tests, videos and practical exercises
Module 2: Phases of Gathering
  • In this chapter you will see the basic concepts of HTTP methods, authentication types and coding
  • Introduction to Burp Suite management
  • You will see in detail the gathering phase, its terminology and the most used tools
  • Fingerprinting, most used frameworks, web architecture and attack methods
  • Concept tests, videos and practical exercises
Module 3: Client Side Controls
  • Analysis of content that is hidden on the other side of a web application
  • Vulnerabilities from the client side
  • Traffic capture, recognition and subsequent analysis
  • Java serialization, Flash and Silverlight
  • Concept tests, videos and practical exercises
Module 4: Session Management
  • Analysis of content that is hidden on the other side of a web application
  • Vulnerabilities from the client side
  • Traffic capture, recognition and subsequent analysis
  • Java serialization, Flash and Silverlight
  • Concept tests, videos and practical exercises
Module 5: Injections
  • Types of most common injections, detection and prevention
  • Advanced injections in Microsoft SQL, MySQL and Oracle
  • XPath Injections and LDAP Injections
  • Concept tests, videos and practical exercises
Module 6: Backend Services
  • Phase of exploitation of a web penetration test
  • Injections that allow direct interaction with back-end services
  • Injection of system commands, path manipulation, XML injections and how to prevent them
  • Concept tests, videos and practical exercises
Module 7: Attacks on Users
  • Analysis and management of data collected during the previous phases
  • Attacks on systems and evaluation of their security status
  • Detection and prevention of Cross-Site Scripting
  • Cross-Site Scripting: Reflected, Stored and DOM
  • Concept tests, videos and practical exercises
Module 8: Web Infrastructure
  • Attack techniques for application servers
  • Most common vulnerabilities within the infrastructure of a web server
  • Buffer overflow attacks
  • Concept tests, videos and practical exercises
