The course
This is an advanced practical 3 day web hacking training course for penetration testers, security researchers, and security professionals needing to learn the art of security testing web applications.
This hands-on course helps the attendees gain in-depth knowledge on how to identify security vulnerabilities and subsequently identify the real risk of these vulnerabilities by exploiting them. The course also covers the syllabus for the CREST Web Application Exam. The training utilises a collection of up-to-date modern hacking tools required for conducting a complete web application security assessment.
Recommended prerequisites: This is an advanced course on application security and all delegates must have completed the 7Safe CSTP course, or possess equivalent knowledge and have a practical understanding of backend web application technologies.
This course is ideally suited to individuals that have been working in an application testing (security assessment/administration) or developer environment for several months.
Delegates who successfully complete the end of course practical exam containing hacking challenges will be awarded the Certified Application Security Tester (CAST) qualification; Ideal preparation for the CREST Certified Tester (Application) qualification.
- Authentication & Authorisation overview
- Cookies
- HTTP protocol
- Google hacking
- Types of web application authentication
- Clear text http protocol
- Advanced Username Enumeration/Brute Force Issues
- Security through Obscurity
- Session Management Issues
- Weak ACLs
- Cookie Analysis
- SSL misconfiguration and Man in the middle attacks
- TLS renegotiation, %00 byte issue
- MD5 collisions
- Insecure Design with thick client applications
- Echo Mirage, MiTM, Replaying Traffic
- IIS/Apache/OpenSSL exploitation
- Oracle Application Server exploits (bypass exclusion list etc)
- Hacking with Metasploit
- Insecure HTTP methods
- WebDav issues
- Types of Cross-site scripting
- Identifying XSS
- Exploiting XSS
- Advanced XSS exploitation with beef and XSS-Shell
- Secure cookie, HTTP-only
- Pitfalls in defending XSS
- Fixing XSS
- Identifying/Exploiting Cross Site Request Forgery (CSRF)
- Complicated CSRF with POST requests
- CSRF in web services
- Impact of CSRF
- Fixing CSRF
- Session Fixation
- Cookie Fixation
- Faulty Log-out functionalities
- Carriage Return & Line Feed (CRLF) injection
- Proxy Poisoning, XSS with CRLF injection
- Clickjacking
- SQL Injection: basic to advanced
- Impact: Authentication bypass
- Impact: Extracting Data (Blind SQL Injection, UNION tricks, OOB channels)
- OS Code Execution (MS-SQL, MySql, Oracle)
- SQL Injection within stored procedures, parameterised statements
- Places where you never thought SQLI could occur
- Pitfalls in defending SQL Injections
- Fixing SQL Injections
- Malicious File Uploads
- IIS 0day
- Hacking Unprotected Application servers
- Vulnerable flash Applications
- Insecure cross-domain requests
- Flash XSS
- Business logic bypass
- Authentication bypass
- Insecure Coding
- Other logical flaws
- OS Code Execution
- Remote/Local File inclusion
- OS Code Execution
- Direct Object Reference
- Capture The Flag
 |
|
CPE Credits: 24 |
|
|
Frequently Asked Questions (FAQ)
