Basic Web Hacking

Classroom: 1,750€ + VAT

REF: NSSBWH Catalogue: Cybersecurity Area: Claranet Cyber Security (NotSoSecure), Cybersecurity

Duration:

2 days

Next date:

Contact us

Location:

Description

This is an entry-level web application security testing course and also a recommended prerequisite before enrolling in our “Advanced Web Hacking” course. This foundation “Web Hacking” course familiarises attendees with the basics of web applications and web application security concerns. A number of tools and techniques, backed by a systematic approach to the various phases of hacking, will be discussed during this 2-day course. If you would like to step into a career in Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you.

Target audience

System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

  • Area: Cybersecurity

  • Associated certification: 156-403 – Check Point Certified PenTesting Expert – Web Hacking (CCPE-W)

*Course available as Live Training

Programme:

UNDERSTANDING THE HTTP PROTOCOL

  • HTTP Protocol Basics
  • Introduction to proxy tools

INFORMATION GATHERING

  • Enumeration Techniques
  • Understanding Web Attack surface

USERNAME ENUMERATION & FAULTY PASSWORD RESET

  • Attacking Authentication and Faulty Password mechanisms

ISSUES WITH SSL/TLS

  • SSL/TLS misconfiguration

AUTHORIZATION BYPASS

  • Logical Bypass techniques
  • Session related issues

CROSS SITE SCRIPTING (XSS)

  • Various types of XSS
  • Session Hijacking & other attacks

CROSS SITE REQUEST FORGERY (CSRF)

  • Understanding CSRF attack
  • Various impacts of SSRF attack

SQL INJECTION

  • SQL Injection types
  • Manual Exploitation

XML EXTERNAL ENTITY (XXE) ATTACKS

  • XXE Basics
  • XXE exploitation

INSECURE FILE UPLOADS

  • Attacking File upload functionality

DESERIALIZATION VULNERABILITIES

  • Serialization Basics
  • PHP Deserialization Attack

COMPONENTS WITH KNOWN VULNERABILITIES

  • Understanding the risks of known vulnerabilities
  • Known vulnerabilities leading to critical exploits

INSUFFICIENT LOGGING AND MONITORING

  • Understanding importance of logging and monitoring
  • Common pitfalls in logging and monitoring

MISCELLANEOUS

  • Understanding formula Injection attack
  • Understanding Open Redirection attack

Prerequisites:

Delegates should bring a laptop with the Windows operating system installed (either natively or running in a VM). Further, delegates must have administrative access to perform tasks such as installing software, disabling antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) will not be supported during the course.
