Course Outline
The 8-day Web Application Penetration Testing course teaches participants the fundamentals of penetrating web applications and how to exploit a variety of known vulnerabilities. Participants will be introduced to many techniques used by pentesters and learn how to check for most security vulnerabilities, how to identify security bugs and many more practical skills. The course is geared towards hands-on practitioners and includes a variety of live demonstrations and immersive exercise labs. This course features hands-on simulations provided by @Cywar – a gamified training and assessment platform by HackerU Solutions.
Upcoming Meetings
There are no upcoming meetings for this course. Contact us to schedule this course, which will be customized specifically for your organization.
info@hackerupro.comModules
Web Fundamentals
- Web Technologies Overview
- Browser tools & Debugging
- OWASP Top10
Web Server Installation
- Apache Secure Installation
- Apache Secure Configuration
- Hardening Apache
Traffic Manipulation
- Burp Suite
- OWASP Zap
- Web Site Enumeration
- Web Application Brute-Force Challenge
Web Cryptography
- HTTP vs HTTPS
- SSL vs TLS
- Cipher Suites
- OpenSSL – CA vs self-signed certificates
Introduction to Client-Side Attacks
- Reflected XSS
- Stored XSS
- DOM XSS
Authorization & Authentication
- CSRF
- Broken Authentication
- Broken Authorization
- Session Attacks
XML Attacks
- Configuring & Maintaining Databases
- MariaDB
- SQL Syntax
Marinating Databases
- Error-Based SQL Injection
- Union-Based SQL Injection
- Data Exfiltration
- Injection Automation
Advanced SQLi
- Blind SQL Injection
- Time-based injection
- NoSQL Injection
XML Injection
- XML Usage in Web Applications
- XXE
- SSRF
- SSRF through XXE
PHP Vulnerabilities
- PHP Programming
- PHP Vulnerabilities
- Insecure Input Filtration
LFI/RFI & Directory Traversal
- LFI
- RFI
- Directory Traversal
WordPress Hacking
- Content management Systems
- WPScan
- WordPress Enumeration
File Upload
- File Upload
- PHP Shells
File Upload
- Nessus
- Qualys
- Writing Reports
Web Hacking Challenges
- Web Hacking Challenges (CyWar.HackerU.com)
Prerequisites
- Knowledge in Information Security, Computer Networking and Common Protocols is a must
- Familiarization with ethical hacking and/or infrastructure hacking
- Basic knowledge of web development (HTML, CSS, JavaScript, etc.) is an advantage but not required
Upcoming Meetings
There are no upcoming meetings for this course. Contact us to schedule this course, which will be customized specifically for your organization.
info@hackerupro.comParticipants will be introduced to many techniques used by pentesters and learn how to check for most security vulnerabilities"Download Full Syllabus