Advanced Web Application Security Testing Training

Q: Is GST/ VAT applicable on the published fee?

No, the published fee includes all applicable taxes.

Overview Schedule & Fees Course Benefits Student Feedback FAQ Course Modules

Advance Web Application Security Testing Certification Training Course Overview

This course is structured and designed to teach the participants about the advanced skills and techniques which is necessary to test modern web applications and technologies of the next-generation. The training is conducted with a combination of theoretical lecture, and hands-on exercises to teach the techniques and to test the security of internal enterprise web technologies, along with cutting edge Internet facing applications.

Audience

Web penetration testers
Red team members
Vulnerability assessment personnel
Network penetration testers
Security consultants
Developers
QA testers
System administrators
IT managers
System architects

Test your current knowledge Qubits42

Advanced Web Application Security Testing Training (Duration : 40 Hours) Download Course Contents

Live Virtual Classroom 1850

Group Training 18 - 22 Oct GTR 09:00 AM - 05:00 PM CST (8 Hours/Day) 01 - 05 Nov GTR 09:00 AM - 05:00 PM CST (8 Hours/Day) 06 - 10 Dec GTR 09:00 AM - 05:00 PM CST (8 Hours/Day)	1-on-1 Training (GTR) 4 Hours 8 Hours Week Days Weekend Start Time : At any time 12 AM 12 PM Training Schedule: GTR=Guaranteed to Run

Special Solutions for Corporate Clients! Click here

Hire Our Trainers! Click here

Customers who bought this course also bought

Ethical Hacking Certification (CEH v11) Training Course is recommended before.

Advanced Web Application Security Testing Training is recommended after.

Advanced Linux BASH Shell Scripting Training Course

Configuration Management with Ansible

Kubernetes Administration Using Docker Training Course

Python Bootcamp Certification Training Course

React JS

10% discount on 2nd course:

Course Modules

Module 1: Introduction and Objective of OWASP Testing Framework

Topic details are not available.

Module 2: Information Gathering

Testing: Spiders, robots, and Crawlers
Search engine discovery/Reconnaissance
Identify application entry points
Testing for Web Application Fingerprint
Application Discovery
Analysis of Error Codes

Module 3: Configuration Management Testing

SSL/TLS Testing
DB Listener Testing
Infrastructure configuration management testing
Application configuration management testing
Testing for File extensions handling
Old, backup and unreferenced files
Infrastructure and Application Admin Interfaces
Testing for HTTP Methods and XST

Module 4: Authentication Testing

Credentials transport over an encrypted channel
Testing for user enumeration
Default or guessable (dictionary) user account
Testing For Brute Force
Testing for Bypassing authentication schema
Testing for Vulnerable remember password and pwd reset
Testing for Logout and Browser Cache Management
Testing for CAPTCHA
Testing for Multiple factors Authentication
Testing for Race Conditions

Module 5: Session Management Testing

Testing for Session Management Schema
Testing for Cookies attributes
Testing for Session Fixation
Testing for Exposed Session Variables
Testing for CSRF

Module 6: Authorization testing

Testing for path traversal
Testing for bypassing authorization schema
Testing for Privilege Escalation

Module 7: Business logic testing

Topic details are not available.

Module 8: Data Validation Testing

Testing for Reflected Cross Site Scripting
Testing for Stored Cross Site Scripting
Testing for DOM based Cross Site Scripting
Testing for Cross Site Flashing
SQL Injection
Oracle Testing
MySQL Testing
SQL Server Testing
MS Access Testing
Testing PostgreSQL
LDAP Injection
ORM Injection
XML Injection
SSI Injection
XPath Injection
IMAP/SMTP Injection
Code Injection
OS Commanding
Buffer overflow Testing
Heap overflow
Stack overflow
Format string

Module 9: Denial of Service Testing

Testing for SQL Wildcard Attacks
Locking Customer Accounts
Buffer Overflows
User Specified Object Allocation
User Input as a Loop Counter
Writing User Provided Data to Disk
Failure to Release Resources
Storing too Much Data in Session

Module 10: Web Services Testing

WS Information Gathering
Testing WSDL
XML Structural Testing
XML Content-level Testing
HTTP GET parameters/REST Testing
Naughty SOAP attachments
Replay Testing

Module 11: AJAX Testing

AJAX Vulnerabilities
Testing For AJAX

Module 12: Writing Reports

How to value the real risk
How to write the report of the testing

Download Course Contents

Request More Information

Request a call back?

Course Prerequisites

A good understanding of web penetration techniques and methodologies.
To be familiar with the HTTP protocol, HTML, and web applications.
Minimum of two years’ experience in web penetration testing, successful completion of the GWAPT certification, or having attended the SEC542.

Upon completion of this course, you will be able to accomplish

To perform an advanced Local File Include (LFI) / Remote File Include (RFI), Blind SQL injection (SQLi), and Cross-Site Scripting (XSS) combined with Cross-Site Request Forger (XSRF) discovery and exploitation
To exploit advanced vulnerabilities common to most backend language like Mass Assignments, Type Juggling, and Object Serialization
Knowing to perform JavaScript-based injection against ExpressJS, Node.js, and NoSQL
Understanding the special testing methods for content management systems such as SharePoint and WordPress
Identifying and to exploit encryption implementations within web applications and frameworks
Discover XML Entity and XPath vulnerabilities in SOAP or REST web services and other datastores
To use tools and techniques to work with and exploit HTTP/2 and Web Sockets
Identifying and to bypass the Web Application Firewalls and application filtering techniques to exploit the system