Web Application Security Analysis Package

Provided by

Enquire about this course


Web-based applications are the most significant security exposure your organization faces. Labs in this category focus on detecting and understanding vulnerabilities in your web-based applications-penetration testing for the web. These vulnerabilities can be the result of risky coding practices, configuration problems, or newly discovered vulnerabilities in supporting software or frameworks. These labs utilize multiple tools to examine web application servers using a 'black box' approach, without access to source code.

This package includes all labs in the Web Application Security Analysis category, as well as all new labs in the category released during your subscription period. The MITRE ATT&CK Matrix is a taxonomy of adversary tactics and techniques, including detection and mitigation techniques for each. These techniques are aligned as appropriate to CYRIN exercise lab packages.


Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line, basic networking concepts (TCP/IP, DNS, etc.), and basic web application concepts (HTTP, etc.)


All CYRIN labs, exercises and attacks happen within a virtual environment. Each trainee or student gets their own virtual instance of a lab, exercise or attack, allowing training to be self-paced and available anywhere at any time. In order to meet specific training objectives, CYRIN subscriptions are sold on a packaged basis. That is, groups of CYRIN labs, exercises and/or attacks are recommended and bundled to meet the individual needs of the student.

CYRIN Web Application Security Package:


• 12 hours, self-paced. Pause and continue at any time.

• 12 CPEs awarded on successful completion.

• 6 months of access.


1. Web Application Security Analysis using OWASP-ZAP

Students will use the OWASP program;s ZAP tool suite from within Kali Linux to scan multiple web services and document vulnerabilities. Students will see ZAP in action on a vulnerable web site where entire database tables are available to potential attackers.

2. Web Application Security Analysis using Nikto

Students will use the Nikto tool to test web services over the network and document vulnerabilities. Students will then use network packet capture tools such as Wireshark to verify their understanding of the vulnerabilities and testing procedures.

3. Web Application Security Analysis using Vega

Students will use the Vega scanning tool, within a graphical Kali Linux environment, to test web services over the network and document vulnerabilities. Students will then use network packet capture tools such as Wireshark to verify their understanding of the vulnerabilities and testing procedures.

4. Web Application Security Analysis using Burp Suite

Burp Suite is an industry standard suite of tools used by information security professionals for testing Web application security. Its tools work together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

5. Detecting and Exploiting SQL Injection Vulnerabilities

Students will learn how to detect and exploit SQL injection vulnerabilities. By using several SQL injections techniques students will gather information about a remote database such as Operating System, database type, table names and their content. Students will then use sqlmap, a tool for SQL injection, to automate this process.

6. Web Site Reconnaissance

Web site reconnaissance is about gathering information about a web site. Of course, there is information published on the website that is intended for people to see. Then there is information such as the name and version of the software used in the website and information about databases used by web applications on the site. This is information the website owner may not want known but can be discovered using techniques covered by CYRIN labs in the Network Monitoring and Recon and Web Application Security Analysis categories.


All of the CYRIN exercise labs are mapped to the NIST NICE Framework - Specialty Areas:
  • Vulnerability Assessment and Management (VAM)
  • Exploitation Analysis (EXP)
CYRIN training is sold on a subscription basis. All CYRIN subscriptions come with two free labs: "Getting Started with CYRIN" and "Web application Security Analysis using OWASP-ZAP". All new CYRIN courses that are added to the training platform during a subscription period will be made available to subscribers at no additional cost.


Start date Location / delivery
No fixed date United Kingdom Book now
01132207150 01132207150

Related article

QA's practice director of Cyber Security, Richard Beck, rounds up the latest cyber security news.