Web App Penetration Testing and Ethical Hacking

Why should you attend?

Web applications are one of the most significant points of vulnerability in organizations today. Most organizations have them (both web applications and the vulnerabilities associated with them). Web app holes have resulted in the theft of millions of credit cards, major financial loss, and damaged reputations for hundreds of enterprises. The number of computers compromised by visiting web sites altered by attackers is too high to count. This certification measures an individual's understanding of web application exploits and penetration testing methodology.

Who should attend?

  • General security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers and architects

Learning objectives

  • Apply a detailed, four-step methodology to your web application penetration tests: reconnaissance, mapping, discovery, and exploitation.
  • Analyze the results from automated web testing tools to validate findings, determine their business impact, and eliminate false positives.
  • Manually discover key web application flaws.
  • Use Python to create testing and exploitation scripts during a penetration test.
  • Discover and exploit SQL Injection flaws to determine true risk to the victim organization.
  • Create configurations and test payloads within other web attacks.
  • Fuzz potential inputs for injection attacks.
  • Explain the impact of exploitation of web application flaws.
  • Analyze traffic between the client and the server application using tools such as the Zed Attack Proxy and Burp Suite to find security issues within the client-side application code.
  • Manually discover and exploit Cross-Site Request Forgery (CSRF) attacks.
  • Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application.
  • Perform a complete web penetration test during the Capture the Flag exercise to bring techniques and tools together into a comprehensive test.

Educational approach

  • Practical exercises are based on a case study which includes role playing and discussions
  • Practical tests are similar to the Certification Exam

Prerequisites

This course assumes students have a basic working knowledge of the Linux command line.

Course agenda

  • Web Penetration Testing and Ethical Hacking: Introduction and Information Gathering
  • Web Penetration Testing and Ethical Hacking: Configuration, Identity, and Authentication Testing
  • Web Penetration Testing and Ethical Hacking: Injection
  • Web Penetration Testing and Ethical Hacking: JavaScript and XSS
  • Web Penetration Testing and Ethical Hacking: CSRF, Logic Flaws and Advanced Tools
  • Web Penetration Testing and Ethical Hacking: Capture the Flag

Certification

Certifications must be renewed every 4 years

General Information

  • 1 proctored exam
  • 75 questions
  • Time limit of 2 hours
  • Minimum Passing Score of 71%