Basic Web Hacking

Duração:

2 dias

Próxima Data:

Consulte-nos

Local:

Online

Descrição

This is an entry-level web application security testing course and also a recommended pre-requisite course before enrolling for our “Advanced Web Hacking” course. This foundation course of “Web Hacking” familiarises the attendees with the basics of web application and web application security concerns. A number of tools and techniques, backed up by a systematic approach on the various phases of hacking will be discussed during this 2 day course. If you would like to step into a career of Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you.

This course familiarizes the attendees with a wealth of tools and techniques required to breach and compromise the security of web applications. The course starts by discussing the very basics of web application concepts, and gradually builds up to a level where attendees can not only use the tools and techniques to hack various components involved in a web application, but also walk away with a solid understanding of the concepts on which these tools are based. The course will also talk about industry standards such as OWASP Top 10 and PCI DSS which form a critical part of web application security. Numerous real life examples will be discussed during the course to help the attendees understand the true impact of these vulnerabilities.

*PVP por participante. A realização do curso nas datas apresentadas está sujeita a um quórum mínimo de inscrições.

Destinatários

Security enthusiasts
Anybody who wishes to make a career in this domain and gain some knowledge of networks and applications
Web Developers
System Administrators
SOC Analysts
Network Engineers
Pen Testers who are wanting to level up their skills

Área: Cybersecurity
Certificação Associada: 156-403 – Check Point Certified PenTesting Expert – Web Hacking (CCPE-W)

Quero inscrever-me.

Programa:

UNDERSTANDING THE HTTP PROTOCOL

HTTP Protocol Basics
Introduction to proxy tools

INFORMATION GATHERING

Enumeration Techniques
Understanding Web Attack surface

ISSUES WITH SECURE SOCKETS LAYER (SSL) AND TRANSPORT LAYER SECURITY (TLS)

SSL/TLS misconfiguration

USERNAME ENUMERATION & FAULTY PASSWORD RESET

Attacking authentication and faulty password mechanisms
User enumeration
Broken authentication
Second factor authentication bypass

BROKEN ACCESS CONTROL – ROLE BASED AUTHORIZATION BYPASS

Horizontal Privilege Escalation attack
Vertical Privilege Escalation attack
Insecure Direct Object Reference attack

SECURITY MISCONFIGURATION

Business Logic attack

CROSS SITE SCRIPTING (XSS)

Various types of XSS
Session Hijacking & other attacks

SERVER SITE REQUEST FORGERY (SSRF)

Understanding SSRF attack
Various impacts of SSRF attack

CROSS SITE REQUEST FORGERY (CSRF)

Understanding CSRF attack
Various impacts of SSRF attack SQL INJECTION (SQLi)
SQL Injection types
Manual Exploitation
Automated exploitation

XML EXTERNAL ENTITY (XXE) ATTACKS

XXE Basics
XXE exploitation

INSECURE FILE UPLOADS

Attacking File upload functionality
Executing remote code through malicious file upload

COMPONENTS WITH KNOWN VULNERABILITIES

Understanding risks known vulnerabilities
Known vulnerabilities leading to critical exploits
Log4J attacks

INSUFFICIENT LOGGING AND MONITORING

Understanding importance of logging and monitoring
Evaluate the logging events
Common pitfalls in logging and monitoring

Pré-requisitos:

Delegates should bring their laptop with windows operating system installed (either natively or runningin a VM). Further, delegates must have administrative access to perform tasks such as installingsoftware, disabling antivirus etc. Devices need to be connected to the internet in order to access the course environment.

Delegates should also have:

Basic knowledge of web application security
Basic familiarity with common command line syntax
Basic knowledge of Burp Suite

Quero inscrever-me.

Partilha:

We meet future and then we make it spark slogan

Precisas de ajuda a encontrar o teu futuro?