Advanced Application Testing (Cyber Scheme Team Leader)
Provided by North Green Security
About the course
Special 15% Easter discount available on bookings for the 19th of April date only.
Instructor-led learning that covers the steps required to conduct an effective application test. Candidates will cover both client-side and server-side attacks. Candidates will take the practical steps to identify vulnerabilities and then utilise them as part of an attack.
What Will You Learn?
- Advanced Application Testing provides the opportunity to attack an application that has multiple common vulnerabilities.
- Candidates are taught to leverage the vulnerabilities that are identified to continue an attack, such as through session hijacking via cross-site scripting.
- Server-side vulnerabilities will provide candidates with the chance to deliver payloads directly to a system via inadequate application protections.
Who Should Attend?
Security consultants and practitioners looking to expand their knowledge of conducting application tests and take the next step in their careers. Typical candidates consist of:
- Penetration Testers
- Security Analysts
- Consultants prepping for CHECK Team Leader exams
Recommended Prerequisites
The Advanced Application Testing course provides candidates with an environment to learn new techniques of attack and explore alternatives to methods they currently use. As such, the course assumes that any candidate will be familiar with the tools required to conduct an application test.
It is required that all students are comfortable with whatever testing OS they choose to use and are comfortable with command line interfaces.
Syllabus
Legal Considerations
- Making sure you stay on the right side of the law
- UK laws regarding hacking
Site Enumeration
- Site mapping
- Understanding authenticated vs unauthenticated access
- Identification of WAF solutions
- Encryption implementations
Session Management
- Understanding user sessions
Injection Vulnerabilities
- SQL injection attacks against multiple databases
- Command injection
- Bypassing injection protection
Cross-Site Scripting
- Identification of XSS
- Session Hijacking
- Bypassing XSS protection
File Include Vulnerabilities
- Local File Inclusion
- Remote File Inclusion
File Upload Abuse
- Web shells
- Bypassing file upload filters
Client-side Restrictions
- Identify resources that are not appropriately protected
- Access resources that are not immediately visible or accessible
Application Management Interfaces
- Identifying management interfaces
- Attacking applications via management interfaces