QA-QAAWHACK

Ladda ner som PDF

Advanced Web Hacking

For IT security professionals, staying up-to-date with the latest vulnerabilities and exploits is a real challenge. Knowing a vulnerability from a high level perspective is not enough. A good security professional must be able to demonstrate the impact of the vulnerability.

To bridge the gap between understanding a vulnerability and to be able to fully exploit it. We have designed a fully hands-on course. During the 3-day course, attendees will be granted access to a state-of-art Hacklab and will be asked to enumerate, assess, exploit and then post exploit vulnerabilities within the Hacklab.

Prior knowledge

Prior hands-on experience of common hacking/enumeration tools such as Sqlmap, burp etc., is recommended for the class. QA Certified Ethical Hacker (CEH) certification is strongly recommended as a pre-requisite to this advanced hacking course.

The Advanced Web Hacking course audience includes:

  • Penetration Testers and Security Researchers.
  • CSIRT & Red Team professionals.
  • Security Operations Centre (SOC) analysts
  • Security/System/Network architects.
  • Information Security Professionals.

Objectives:

Individuals taking the Advanced Web Hacking course will experience hands-on practical content that is extremely current and taught at the world's top conference stages. The course was written to address the need in the market for high-end training in the field of web platforms; inspired by daily on-site Penetration Testing and training in the community / conferences. The course enable students to practice topics such as exploit chaining, post-exploitation, combining low risk vulnerabilities to obtain high impact outcomes.

Benefits

The course examines and hacks a wealth of modern vulnerabilities aka (XXE Injection, OOB exploitation, Business logic flaws etc). All labs are virtualised and there are dedicated VMs for each student. The full description is on our website.
Advanced Web Hacking course will familiarise you with a wealth of hacking techniques for common operating systems, networking devices and everything else in between. The CTF is ideal for those preparing for CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications and those who perform Penetration Testing on web platforms as a day job and want to take their skills to different level.

Course Outline:

Introduction to Web Applications

  • Design Flaws
  • Authentication
  • Authorization
  • Session Management
  • Logical Flaws
  • Web Server Misconfiguration
  • Application Server Misconfiguration
  • HTTP... Läs mer

Objectives:

Individuals taking the Advanced Web Hacking course will experience hands-on practical content that is extremely current and taught at the world's top conference stages. The course was written to address the need in the market for high-end training in the field of web platforms; inspired by daily on-site Penetration Testing and training in the community / conferences. The course enable students to practice topics such as exploit chaining, post-exploitation, combining low risk vulnerabilities to obtain high impact outcomes.

Benefits

The course examines and hacks a wealth of modern vulnerabilities aka (XXE Injection, OOB exploitation, Business logic flaws etc). All labs are virtualised and there are dedicated VMs for each student. The full description is on our website.
Advanced Web Hacking course will familiarise you with a wealth of hacking techniques for common operating systems, networking devices and everything else in between. The CTF is ideal for those preparing for CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications and those who perform Penetration Testing on web platforms as a day job and want to take their skills to different level.

Course Outline:

Introduction to Web Applications

  • Design Flaws
  • Authentication
  • Authorization
  • Session Management
  • Logical Flaws
  • Web Server Misconfiguration
  • Application Server Misconfiguration
  • HTTP Methods
  • SSL and MITM attacks

Cross Site Issues

  • Cross Site Scripting
  • Cross Site Request Forgery
  • Session Fixation
  • Flash and Cross Domain Issues

Server Side Issues

  • SQL Injection
  • LDAP Injection
  • XPATH Injection
  • XXE Injection
  • File Uploads
  • Server Side Includes
  • File Inclusion
  • Direct Object Reference
  • OS Code Execution

Utbildningen levereras i samarbete med

Kurs-ID: QA-QAAWHACK
Längd: 4 dagar
Pris exkl moms: 39 888 kr

Frågor om kursen!?

Har du frågor om kursens innehåll, leveransdatum/ort eller behöver en företagsanpassad variant? Fyll i formuläret nedan!


Avtalsrabatter och kampanjer kan ej nyttjas på denna kurs.


Ort och datum

Cloud Access
i Läs mer

Delta på kursen från ditt hem, jobb eller annan plats.

10 okt – 13 okt
Boka nu!

Tipsa