Masterclass: Web Application Pentesting

In this 3-day, 21-hour course, you will develop essential cybersecurity knowledge and skills with a focus on Web Application Pentesting.

Moreover, you will be able to:

  • Get the highest quality and unique learning experience – the class is limited to 16 participants by default.
  • Get the opportunity to interact with our world-renowned Experts.
  • Go through CQURE’s custom lab exercises and practice them after the course.
  • Receive a lifelong certification after completing the course!
  • Get 12-month access to the recordings!

Why this course?

This course covers techniques and strategy concepts for performing professional web applications penetration testing in a highly secure environment. Our course has been developed around professional penetration testing, web applications development and security awareness in the business and IT fields.

Our goal is to show you all the most important aspects of web application penetration testing. Together we will look for vulnerabilities and exploit them in practice in CQURE’s custom-built training environment. During the exercises, we will use industry-standard tools such as the Kali Linux, Burp Suite, Bloodhound, Metasploit and the Wireshark.

Audience

This bootcamp is designed for you if you are a: 

  • Penetration tester 
  • Security analyst 
  • IT administrator 
  • Cybersecurity professional
  • & a geek with IT background who wants to start an adventure in the cybersecurity pentesting field 

The Web Application Pentesting agenda consists of 10 Modules that will be covered during 3 Days.

The training will allow you to understand the penetration tester’s perspective on security, and learn crucial tools and concepts needed for everyone considering developing their career in penetration testing or cybersecurity in general.

Module 1: Introduction to Web Penetration Testing

  1. What is Penetration Testing
  2. Cyber Kill Chain
  3. MITRE ATT&CK Matrix
  4. Testing methodologies
  5. Reporting

Module 2: Reconnaissance

  1. Open-Source Intelligence (OSINT)
  2. Google hacking and alternative search engines
  3. Subdomains and DNS enumeration
  4. Discovering hidden secrets

Module 3: Introduction to Web Application testing

  1. OWASP TOP 10
  2. Role of local-proxy
  3. Work automatization
  4. Business logic issues
  5. Supply chain attacks and vulnerable components
  6. Chaining security issues
  7. Information disclosures

Module 4: Browser's security mechanisms

  1. Same Origin Policy
  2. CORS and other exceptions
  3. 3rd party cookies
  4. Security headers
  5. Content Security Policy (CSP)
  6. Cookies’ and local storage security

Module 5: Cross Site Scripting

  1. Reflected and Stored Cross Site Scripting
  2. Attacking Document Object Model
  3. Bypassing weak CSP

Module 6: Injections

  1. Blacklisting vs whitelisting
  2. SQL injections
  3. Command injections
  4. Other injection attacks

Module 7: Authentication and Authorization

  1. Attacks on authentication and authorization
  2. Attacks on sessions
  3. Insecure Direct Object Reference (IDOR) attacks
  4. Default credentials
  5. JSON Web Tokens

Module 8: Insecure file handling

  1. Path traversal
  2. Content manipulation
  3. Insecure file extensions

Module 9: Insecure inclusions

  1. Local File Inclusion
  2. Remote File Inclusion

Module 10: Testing API

  1. OWASP Top 10 for API
  2. Bypassing API access controls
  3. Mass assignment attacks
 

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!

Practical information

Duration: 4 days
Format: Live virtual class with hands-on labs
Language: English
Delivery: Remote instructor-led training

FAQ

Hva koster kurset?
Prisen er 34 900 NOK for 4 dager. Kurset inkluderer kursmateriell, praktiske lab-øvelser og livslang sertifisering etter fullført kurs.

Hvor lenge varer kurset?
Kurset varer i 4 dager.

Hvordan gjennomføres kurset?
Kurset gjennomføres som et Live Virtual Class hvor deltakerne deltar i et virtuelt klasserom med instruktør. Deltakerne arbeider med praktiske lab-øvelser i et dedikert treningsmiljø.

Hvem passer kurset for?
Kurset passer for IT- og sikkerhetsfagfolk som ønsker å lære hvordan man tester webapplikasjoner for sikkerhetssårbarheter, for eksempel sikkerhetsanalytikere, penetration testers, utviklere og systemadministratorer.

Hva lærer jeg i løpet av kurset?
Du lærer hvordan man gjennomfører webapplikasjon-penetrasjonstesting ved å identifisere og utnytte sårbarheter i webapplikasjoner. Kurset dekker blant annet rekognosering, testing av webapplikasjoner, autentiseringsangrep, injeksjoner, Cross-Site Scripting og testing av API-sikkerhet.
Deltakerne lærer også hvordan man analyserer funn og rapporterer sikkerhetssårbarheter.

Er kurset praktisk rettet?
Ja. Kurset inneholder praktiske lab-øvelser utviklet av CQURE hvor deltakerne jobber med realistiske scenarioer og tester webapplikasjoner for sikkerhetssårbarheter.

Hvilke temaer dekkes i kurset?
Kurset dekker blant annet følgende temaer:

Web penetration testing metodologi
Reconnaissance og OSINT
OWASP Top 10
Autentisering og autorisasjon
Cross-Site Scripting (XSS)
SQL- og kommando-injeksjoner
Browser security mechanisms
Path traversal og filhåndtering
Local og Remote File Inclusion
API-sikkerhet og OWASP Top 10 for API

Får jeg sertifisering etter kurset?
Ja. Etter fullført kurs mottar deltakerne en livslang CQURE-sertifisering.

Hvilke forkunnskaper anbefales?
Det anbefales grunnleggende kunnskap om nettverk, webteknologi og IT-sikkerhet.

Hva gjør dette kurset unikt?
Kurset kombinerer teori og praktiske øvelser i et realistisk lab-miljø og gir deltakerne mulighet til å lære direkte fra sikkerhetseksperter. Klassen er begrenset til et lite antall deltakere for å sikre høy kvalitet på undervisningen.

Relevant courses

Other subject areas

Other relevant courses

MasterClass: Hacking and Securing Windows Infrastructure
13. April
5 days
Virtual Classroom
Masterclass: System Forensics, Incident Handling And Threat Hunting
25. May
5 days
Virtual Classroom
MasterClass: Windows Security and Infrastructure Management with Windows Internals
15. June
4 days
Classroom Virtual
MasterClass: Administering and Configuring Active Directory Federation Services and Claims
15. June
3 days
Classroom