Web Application Penetration TestApplication Security Testing
Job Roles
ICT&SS ProfessionalRed Team EngineerQuality EngineerCybersecurity Engineer
Overview
Master the craft of exploiting web applications to find flaws in your enterprise's web apps. You'll learn about the attacker's tools and methods to be a more powerful defender. Through detailed, hands-on exercises and with guidance from the instructor, you will learn the four-step process for web application penetration testing; inject SQL into back-end databases to learn how attackers exfiltrate sensitive data; and utilise cross-site scripting attacks to dominate a target infrastructure. You will also explore various web app vulnerabilities in-depth using proven techniques and a structured testing regimen.
Key Takeaways
At the end of this programme, you will be able to:
Apply OWASP's methodology to your web application penetration tests to ensure they are consistent, reproducible, rigorous, and under quality control
Analyse the results from automated web testing tools to validate findings, determine their business impact, and eliminate false positives
Manually discover key web application flaws
Use Python to create testing and exploitation scripts during a penetration test
Discover and exploit SQL Injection flaws to determine true risk to the victim organisation
Understand and exploit insecure deserialisation vulnerabilities with ysoserial and similar tools
Create configurations and test payloads within other web attacks
Fuzz potential inputs for injection attacks
Explain the impact of exploitation of web application flaws
Analyse traffic between the client and the server application using tools such as the Zed Attack Proxy and BurpSuite Pro to find security issues within the client-side application code
Manually discover and exploit Cross-Site Request Forgery (CSRF) attacks
Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application
Perform two complete web penetration tests, one during the five sections of programme instruction, and the other during the Capture the Flag exercise
Who Should Attend
Please refer to the job roles section.
Security personnel whose job involves assessing networks and systems to find and remediate vulnerabilities.
Penetration testers.
Ethical hackers.
Defenders who want a better understanding of offensive methodologies, tools, and techniques.
Auditors who need to build deeper technical skills.
Red Team members.
Blue Team members.
Forensics specialists who wants a better understanding of offensive tactics.
Incident responders who want to understand the mind of an attacker.
Programme Structure
This programme will cover the following topics:
Introduction and Information Gathering
Content Discovery, Authentication, and Session Testing
It was useful learning about all the exploitations of web applications which we can take note of when developing our own applications.
,
Learning the different types of vulnerabilities/attack vectors and how these vulnerabilities can be exploited is useful to me as a software engineer as it allows me to appreciate security testing better and also to make sure the applications I'm building are not susceptible to such exploitations.
,
The labs were useful - we got to actually practise hacking.