Web Application Penetration Testing, Certified Ethical Hacking | CEH | IT Security Training Courses in Pune


Web Application Penetration Testing

Web Application Penetration Testing Training focuses on preparing students for the real world of Web App Pen Testing through extensive lab exercises and thought-provoking lectures led by an expert instructor. We review the entire body of knowledge as it pertains to web application pen testing through a high-energy seminar approach. Sysap offers the Web Application Penetration Testing program to train and prepare IT Security Professionals.

Course Highlights

  • Learn the Secrets of Web App Pen Testing in a totally hands-on classroom environment
  • Learn how to exploit and defend real-world web apps – not just silly sample code
  • Complete the 83 Step "Web App Pen Test Methodology", and bring a copy back to work with you
  • Understand how to find Vulnerabilities in Source Code
  • Take home a fully featured Web App Pen Test Toolkit
  • Learn how to perform OWASP Top 10 Assessments – for PCI DSS compliance

Intensive Hands-On Training:

The Web Application Penetration Testing course from Sysap is a totally hands-on learning experience. From the first day to the last day, you will learn the ins and outs of Web App Pen Testing by attending thought-provoking lectures led by an expert instructor. Every lecture is directly followed up by a comprehensive lab exercise (we also set up and provide lab workstations so you don't waste valuable class time installing tools and apps). Typical lab exercises consist of a real-world app that demonstrates a vulnerability commonly found in a web app.

You learn how to assess the application much as a black hat hacker would, and then exploit the app so that you can demonstrate the true risk of the vulnerability to the application owner. This can involve taking control of the application itself, downloading data the application stores, or potentially using the app as a launching pad to attack unsuspecting visitors with a malicious script. Finally, the lab will follow up with remediation steps so that the application owner can properly close down the security hole for good.

Sample of Topics Covered:

An assortment of topics you will learn to master during the Application Security Training.

Course Contents:

  • Web Application (In)security
  • Core Defense Mechanisms – OWASP Top 10
  • Cross-Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Cross-Site Request Forgery (CSRF)
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards
  • Encoding Schemes, URL Encoding, Unicode Encoding
  • Bypassing Client-Side Controls
  • Transmitting Data via the Client
  • Hacking ASP.NET ViewState
  • Decompiling Java Bytecode
  • Coping with Bytecode Obfuscation
  • Reverse Engineering ActiveX
  • Manipulating Exported Functions
  • Attacking Authentication
  • Exploiting Verbose Failure Messages
  • Exploiting Vulnerable Transmission of Credentials
  • Attacking Password Change Functionality & Forgotten Password Functionality
  • Predictable Usernames & Initial Passwords
  • Prevent Misuse of the Account Recovery Function
  • Attacking Session Management
  • Attacking Access Controls
  • Common Vulnerabilities
  • Targeting Identifier-Based Functions
  • Securing Access Controls
  • Injecting into Interpreted Languages
  • Exploiting ODBC Error Messages (MS-SQL Only)
  • Enumerating Table and Column Names
  • Extracting Arbitrary Data
  • Parameterized Queries
  • Finding Dynamic Execution Vulnerabilities
  • File Inclusion Vulnerabilities
  • Preventing SOAP Injection
  • SMTP Command Injection
  • Injecting into LDAP
  • Storing XSS in Uploaded Files
  • Real-World XSS Attacks
  • Chaining XSS and Other Attacks
  • HTTP Response Splitting
  • Exploiting XSRF Flaws
  • Exploiting Information Disclosure Vulnerabilities
  • Exploiting Error Messages
  • Buffer Overflow Vulnerabilities
  • Heap Overflows
  • “Off-by-One” Vulnerabilities
  • Attacking & Assessing Application Architectures
  • Attacking Tiered Architectures
  • Exploiting Trust Relationships between Tiers
  • Subverting Other Tiers
  • Attacking Other Tiers
  • Source Code Auditing