Cursos

Basic Web Hacking

1,500.00 +Iva

Dias: 2
Duração: 14 horas
Próxima Data: 30/09/2021 a 01/10/2021
Área: Cibersegurança
Certificação Associada: 156-403 – Check Point Certified PenTesting Expert – Web Hacking (CCPE-W)
Local: Lisboa e Porto

*Curso disponível em Live Training

Quero inscrever-me
REF: NSSBWH Categoria: Etiqueta:

Descrição

This is an entry-level web application security testing course and also a recommended pre-requisite course before enrolling for our “Advanced Web Hacking” course. This foundation course of “Web Hacking” familiarises the attendees with the basics of web application and web application security concerns. A number of tools and techniques, backed up by a systematic approach on the various phases of hacking will be discussed during this 2-day course. If you would like to step into a career of Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you.

Destinatários

System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Programa

Module 1: UNDERSTANDING THE HTTP PROTOCOL

  • HTTP Protocol Basics
  • Introduction to proxy tools

Module 2: INFORMATION GATHERING

  • Enumeration Techniques
  • Understanding Web Attack surface

Module 3: USERNAME ENUMERATION & FAULTY PASSWORD RESET

  • Attacking Authentication and Faulty Password mechanisms

Module 4: ISSUES WITH SSL/TLS

  • SSL/TLS misconfiguration

Module 5: AUTHORIZATION BYPASS

  • Logical Bypass techniques
  • Session related issues

Module 6: CROSS SITE SCRIPTING (XSS)

  • Various types of XSS
  • Session Hijacking & other attacks

Module 7: CROSS SITE REQUEST FORGERY (CSRF)

  • Understanding CSRF attack

Module 8: SQL INJECTION

  • SQL Injection types
  • Manual Exploitation

Module 9: XML EXTERNAL ENTITY (XXE) ATTACKS

  • XXE Basics
  • XXE exploitation

Module 10: INSECURE FILE UPLOADS

  • Attacking File upload functionality

Module 11: DESERIALIZATION VULNERABILITIES

  • Serialization Basics
  • PHP Deserialization Attack

Pré-requisitos

Delegates should bring their laptop with windows operating system installed (either natively or running in a VM). Further, Delegates must have administrative access to perform tasks such as installing software, disabling antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) will not be supported during the course.

Outras datas