About the course
Instructor-led learning that covers the steps required to conduct an effective application test. Candidates will cover both client-side and server-side attacks. Candidates will take the practical steps to identify vulnerabilities and then utilise them as part of an attack.
What Will You Learn?
- Advanced Application Testing provides the opportunity to attack an application that has multiple common vulnerabilities.
- Candidates are taught to leverage the vulnerabilities that are identified to continue an attack such as through session hijacking via cross-site scripting.
- Server-side vulnerabilities will provide candidates with the chance to deliver payloads directly to a system via inadequate application protections.
Who Should Attend?
Security consultants and practitioners looking to expand their knowledge of conducting application tests and take the next step in their careers. Typical candidates include:
- Penetration Testers
- Security Analysts
- Consultants prepping for CHECK Team Leader exams
The Advanced Application Testing course provides candidates with an environment to learn new techniques of attack and explore alternatives to methods they currently use. As such, the course assumes that any candidate will be familiar with the tools required to conduct an application test.
All students must be comfortable with their chosen testing OS and with command-line interfaces.
- Making sure you stay on the right side of the law
- UK laws regarding hacking
- Site mapping
- Understanding authenticated vs unauthenticated access
- Identification of WAF solutions
- Encryption implementations
- Understanding user sessions
- SQL injection attacks against multiple databases
- Command injection
- Bypassing injection protection
- Identification of XSS
- Session Hijacking
- Bypassing XSS protection
File Include Vulnerabilities
- Local File Inclusion
- Remote File Inclusion
File Upload Abuse
- Web shells
- Bypassing file upload filters
- Identify resources that are not appropriately protected
- Access resources that are not immediately visible or accessible
Application Management Interfaces
- Identifying management interfaces
- Attacking applications via management interfaces