Web Hacking 2020 Edition 2 Day Practical Class


About the course

This is an entry-level web application security testing course and a recommended prerequisite for our “Advanced Web Hacking” course. This foundation course familiarises attendees with the basics of web applications and web application security concerns. A number of tools and techniques, backed by a systematic approach to the various phases of hacking, will be discussed during this 2-day course. If you would like to step into a career in Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you.


Class Overview
This course familiarises the attendees with a wealth of tools and techniques required to breach and compromise the security of web applications. The course starts by discussing the very basics of web application concepts, and gradually builds up to a level where attendees can not only use the tools and techniques to hack various components involved in a web application, but also walk away with a solid understanding of the concepts on which these tools are based. The course will also talk about industry standards such as OWASP Top 10 and PCI DSS, which form a critical part of web application security. Numerous real-life examples will be discussed during the course to help the attendees understand the true impact of these vulnerabilities.

Class Details
This class familiarises the attendees with a wealth of tools and techniques needed to breach the security of web applications. The class starts from the very basics, and gradually builds up to a level where attendees can not only use the tools and techniques to hack various components involved in web application hacking, but also walk away with a solid understanding of the concepts on which these tools are based. The class also covers industry standards such as OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help the attendees understand the true impact of these vulnerabilities.

Understanding the HTTP Protocol
HTTP Protocol Basics
Introduction to proxy tools

Information Gathering
Enumeration Techniques
Understanding Web Attack surface

Username Enumeration & Faulty Password Reset
Attacking Authentication and Faulty Password mechanisms

Issues With SSL/TLS
SSL/TLS misconfiguration

Authorization Bypass
Logical Bypass techniques
Session related issues

Cross Site Scripting (XSS)
Various types of XSS
Session Hijacking & other attacks

Cross Site Request Forgery (CSRF)
Understanding CSRF attack

SQL Injection
SQL Injection types
Manual Exploitation

XML External Entity (XXE) Attacks
XXE Basics
XXE exploitation

Insecure File Uploads
Attacking File upload functionality

Deserialization Vulnerabilities
Serialization Basics
PHP Deserialization Attack

Prerequisites
Who Should Take This Class?

  • Security enthusiasts
  • Anybody who wishes to make a career in this domain and gain some knowledge of networks and applications
  • Web Developers
  • System Administrators
  • SOC Analysts
  • Network Engineers
  • Pen Testers who want to level up their skills

Student Requirements
Delegates should bring their laptop with the Windows operating system installed (either natively or running in a VM). Further, delegates must have administrative access to perform tasks such as installing software, disabling antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) will not be supported during the course.


Start date: No fixed date
Location / delivery: Live Online Training
