Advance Web Application Security Testing Course Overview

This course is designed to teach participants the advanced skills and techniques necessary to test modern web applications and next-generation technologies. The training combines theoretical lectures and hands-on exercises to teach techniques for testing the security of internal enterprise web technologies as well as cutting-edge Internet-facing applications.

Audience

  • Web penetration testers
  • Red team members
  • Vulnerability assessment personnel
  • Network penetration testers
  • Security consultants
  • Developers
  • QA testers
  • System administrators
  • IT managers
  • System architects

Do you have a limited window for training? Can you spend only 4 hours per day? Do you want to start training immediately? If your answer is yes to any one of the above, you need 1-on-1 training.
  • The course will be free if we are not able to start within 7 days of booking.
  • Only applicable for courses on which this logo appears.

You will learn:

  • Testing: Spiders, robots, and Crawlers
  • Search engine discovery/Reconnaissance
  • Identify application entry points
  • Testing for Web Application Fingerprint
  • Application Discovery
  • Analysis of Error Codes
  • SSL/TLS Testing
  • DB Listener Testing
  • Infrastructure configuration management testing
  • Application configuration management testing
  • Testing for File extensions handling
  • Old, backup and unreferenced files
  • Infrastructure and Application Admin Interfaces
  • Testing for HTTP Methods and XST
  • Credentials transport over an encrypted channel
  • Testing for user enumeration
  • Default or guessable (dictionary) user account
  • Testing For Brute Force
  • Testing for Bypassing authentication schema
  • Testing for Vulnerable remember password and pwd reset
  • Testing for Logout and Browser Cache Management
  • Testing for CAPTCHA
  • Testing for Multiple factors Authentication
  • Testing for Race Conditions
  • Testing for Session Management Schema
  • Testing for Cookies attributes
  • Testing for Session Fixation
  • Testing for Exposed Session Variables
  • Testing for CSRF
  • Testing for path traversal
  • Testing for bypassing authorization schema
  • Testing for Privilege Escalation
  • Testing for Reflected Cross Site Scripting
  • Testing for Stored Cross Site Scripting
  • Testing for DOM based Cross Site Scripting
  • Testing for Cross Site Flashing
  • SQL Injection
  • Oracle Testing
  • MySQL Testing
  • SQL Server Testing
  • MS Access Testing
  • Testing PostgreSQL
  • LDAP Injection
  • ORM Injection
  • XML Injection
  • SSI Injection
  • XPath Injection
  • IMAP/SMTP Injection
  • Code Injection
  • OS Commanding
  • Buffer overflow Testing
  • Heap overflow
  • Stack overflow
  • Format string
  • Testing for SQL Wildcard Attacks
  • Locking Customer Accounts
  • Buffer Overflows
  • User Specified Object Allocation
  • User Input as a Loop Counter
  • Writing User Provided Data to Disk
  • Failure to Release Resources
  • Storing too Much Data in Session
  • WS Information Gathering
  • Testing WSDL
  • XML Structural Testing
  • XML Content-level Testing
  • HTTP GET parameters/REST Testing
  • Naughty SOAP attachments
  • Replay Testing
  • AJAX Vulnerabilities
  • Testing For AJAX
  • How to value the real risk
  • How to write the report of the testing
Live Online Training (Duration : 40 Hours)
Group Training 1600 Per Participant
06 - 10 Jun 09:00 AM - 05:00 PM CST
(8 Hours/Day)
04 - 08 Jul 09:00 AM - 05:00 PM CST
(8 Hours/Day)
1-on-1 Training 3200 1850 + If you accept merging of other students.
1-On-1 Training is Guaranteed to Run (GTR)
Classroom Training (Available: London, Dubai, India, Sydney, Vancouver)
Duration : On Request
Fee : On Request
Ultra-Fast Track

If you can't spare 40 hours, we can offer you an Ultra-Fast Track of 20 hours for only USD 1,480.

Course Prerequisites
  • A good understanding of web penetration techniques and methodologies.
  • Familiarity with the HTTP protocol, HTML, and web applications.
  • Minimum of two years’ experience in web penetration testing, successful completion of the GWAPT certification, or having attended the SEC542.

Upon completion of this course, you will be able to:

  • Perform advanced Local File Include (LFI) / Remote File Include (RFI), Blind SQL injection (SQLi), and Cross-Site Scripting (XSS) combined with Cross-Site Request Forgery (XSRF) discovery and exploitation
  • Exploit advanced vulnerabilities common to most backend languages, such as Mass Assignments, Type Juggling, and Object Serialization
  • Perform JavaScript-based injection against ExpressJS, Node.js, and NoSQL
  • Understand the special testing methods for content management systems such as SharePoint and WordPress
  • Identify and exploit encryption implementations within web applications and frameworks
  • Discover XML Entity and XPath vulnerabilities in SOAP or REST web services and other datastores
  • Use tools and techniques to work with and exploit HTTP/2 and Web Sockets
  • Identify and bypass Web Application Firewalls and application filtering techniques to exploit the system


FAQs


Yes, fee excludes local taxes.
The Fee includes:
  • Courseware
  • Testing Via Qubits
  • Remote Labs
Yes, Koenig Solutions is an Open Source Learning Partner.