Course Overview

You'll gain insight into the insecurities, vulnerabilities and exploits that lie within web applications so you can reduce the risk they pose to your business. This CREST Accredited course is based on the OWASP Top 10 2017 and, together with the Network Infrastructure Penetration Testing and Ethical Hacking course, will help students prepare for the CREST CRT examination.

100% online course - Study anywhere, anytime

CREST Accredited Training Course

1-2 months to complete

6 months, 24-hr remote access to a virtual lab allows you to learn, train and practice your skills in your own time.

Level: Intermediate

Trainer Online Support

Exam Code: CPT-WEB - Duration: 2.5 hours - Type: Hands-On (Exam vouchers available only upon full payment)

ICSI|CWPT Certified Web Penetration Tester

Course Curriculum

Web Application Penetration Testing and Ethical Hacking

  • Introduction

Module 1: HTTP Protocol Overview

  • Important HTTP Methods
  • Guided Exercise: Detecting HTTP Methods
  • Guided Exercise: Detecting HTTP Methods (Video)
  • Guided Exercise: Exploiting the PUT Method
  • Guided Exercise: Exploiting the PUT Method (Video)
  • Cookies
  • Web Application Architecture
  • OWASP Top 10

Module 2: Web Vulnerability Scanners and Proxies

  • Burp Proxy
  • OpenVAS
  • Nikto, Wapiti
  • Lab: Using Web Vulnerability Scanners
  • Lab: Using Web Vulnerability Scanners (Solution)

Module 3: Profiling the Web Server

  • Nmap
  • Metasploit Auxiliary Modules
  • Lab: Scanning the Web Server
  • Lab: Scanning the Web Server (Solution)

Module 4: Injection

  • Command Injection
  • Guided Exercise: Looking for File Inclusions
  • Guided Exercise: Looking for File Inclusions (Video)
  • SQL Injection
  • Lab: SQL Injection
  • Lab: SQL Injection (Solution)
  • Mitigation of Injection

Module 5: Broken Authentication

  • Authentication Protocols and Weaknesses
  • Username Enumeration
  • Attacking Tomcat’s Password with Metasploit
  • Brute Forcing Credentials with Hydra
  • Lab: Username Enumeration and Brute Forcing
  • Lab: Username Enumeration and Brute Forcing (Solution)
  • Mitigation of Broken Authentication

Module 6: Sensitive Data Exposure

  • Examples
  • Lab: Finding Sensitive Data on Web Applications
  • Lab: Finding Sensitive Data on Web Applications (Solution)
  • Mitigation of Sensitive Data Exposure

Module 7: XML External Entities (XXE)

  • XXE External Entities
  • Lab: XXE Exploitation
  • Lab: XXE Exploitation (Solution)
  • Mitigation of XML External Entities (XXE)

Module 8: Broken Access Control

  • Directory Traversal Overview
  • Lab: Attacking Path Traversal
  • Lab: Attacking Path Traversal (Solution)
  • Mitigation of Broken Access Control

Module 9: Security Misconfiguration

  • Understanding Security Misconfiguration
  • Using Burp to Detect Security Misconfiguration Issues
  • Lab: Security Misconfiguration
  • Lab: Security Misconfiguration (Solution)
  • Mitigation of Security Misconfiguration

Module 10: Cross-Site Scripting (XSS)

  • Types of Cross Site Scripting
  • Using Burp to Test for XSS Vulnerabilities
  • Guided Exercise: Reflected Cross Site Scripting (XSS)
  • Guided Exercise: Reflected Cross Site Scripting (XSS) (Video)
  • Lab: Identifying XSS Vulnerabilities
  • Lab: Identifying XSS Vulnerabilities (Solution)
  • Mitigation of Cross-Site Scripting (XSS)

Module 11: Insecure Deserialization

  • Examples
  • Mitigation of Insecure Deserialization

Module 12: Using Components with Known Vulnerabilities

  • Examples
  • Searching for Vulnerabilities
  • Lab: Identifying Web App Vulnerabilities
  • Lab: Identifying Web App Vulnerabilities (Solution)
  • Mitigation of Using Components with Known Vulnerabilities

Module 13: Insufficient Logging and Monitoring

  • Examples
  • Mitigation of Insufficient Logging and Monitoring

Module 14: Capture the Flag

  • Lab: Web Pen Testing Various Web Applications

Exam Registration

  • How to register for the exam

Module 15: Extra Time

  • Extra Time: Using dirb
  • Extra Time: WordPress Enumeration

What is included in this course

  • High-quality videos with in-depth content

  • Modular structure – student-directed path

  • Knowledge Checks at end of each module and the course

  • eBook

  • Lab Guide including video Guided Exercises and answer files

  • 6 months 24x7 remote access to a virtual lab

  • Instructor email support

  • 1 exam voucher - Online Exam Proctoring

  • Digital Certificate of Completion

  • Pass your Exam and share your Accredible Badge on LinkedIn