Basic Web Hacking

Virtual Learning:2,050€ + IVA

Duração icon

Duração:

2 dias

Próxima Data icon

Próxima Data:

Consulte-nos

Local icon

Local:

Online

Descrição

This is an entry-level web application security testing course and also a recommended pre-requisite course before enrolling for our “Advanced Web Hacking” course. This foundation course of “Web Hacking” familiarises the attendees with the basics of web application and web application security concerns. A number of tools and techniques, backed up by a systematic approach on the various phases of hacking will be discussed during this 2-day course. If you would like to step into a career of Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you.

*PVP por participante. A realização do curso nas datas apresentadas está sujeita a um quórum mínimo de inscrições.

Destinatários

  • Security enthusiasts
  • Anybody who wishes to make a career in this domain and gain some knowledge of networks and applications
  • Web Developers
  • System Administrators
  • SOC Analysts
  • Network Engineers
  • Pen Testers who are wanting to level up their skills

  • Área: Cybersecurity

  • Certificação Associada: 156-403 – Check Point Certified PenTesting Expert – Web Hacking (CCPE-W)

Quero inscrever-me

Programa:

UNDERSTANDING THE HTTP PROTOCOL

  • HTTP Protocol Basics
  • Introduction to proxy tools

INFORMATION GATHERING

  • Enumeration Techniques
  • Understanding Web Attack surface

USERNAME ENUMERATION & FAULTY PASSWORD RESET

  • Attacking Authentication and Faulty Password mechanisms

AUTHORIZATION BYPASS

  • Logical Bypass techniques
  • Session related issues

CROSS SITE SCRIPTING (XSS)

  • Various types of XSS
  • Session Hijacking & other attacks

ISSUES WITH SECURE SOCKETS LAYER (SSL) AND TRANSPORT LAYER SECURITY (TLS)

  • SSL/TLS misconfiguration

CROSS SITE REQUEST FORGERY (CSRF)

  • Understanding CSRF attack
  • Various impacts of SSRF attack

SQL INJECTION

  • SQL Injection types
  • Manual Exploitation

XML EXTERNAL ENTITY (XXE) ATTACKS

  • XXE Basics
  • XXE exploitation

INSECURE FILE UPLOADS

  • Attacking File upload functionality

DESERIALIZATION VULNERABILITIES

  • Serialization Basics
  • PHP Deserialization Attack

COMPONENTS WITH KNOWN VULNERABILITIES

  • Understanding risks known vulnerabilities
  • Known vulnerabilities leading to critical exploits

INSUFFICIENT LOGGING AND MONITORING

  • Understanding importance of logging and monitoring
  • Common pitfalls in logging and monitoring

MISCELLANEOUS

  • Understanding formula Injection attack
  • Understanding Open Redirection attack

Pré-requisitos:

Delegates should bring their laptop with windows operating system installed (either natively or runningin a VM). Further, delegates must have administrative access to perform tasks such as installingsoftware, disabling antivirus etc. Devices need to be connected to the internet in order to access the course environment.

Delegates should also have:

  • Basic knowledge of web application security
  • Basic familiarity with common command line syntax
  • Basic knowledge of Burp Suite

Quero inscrever-me

Partilha:
Duração icon Duração icon

Powered by IGNIT

A Claranet Portugal Company