ABOUT US

ICSI is a UK registered company that offers specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals. It was created in response to the growing threats of cyber-crimes and the resulting demand for data security and protection.

ICSI | Certifications
VISIT US

Bletchley Park Science and Innovation Centre, Bletchley, Milton Keynes
MK3 6EB

tel: +44 (0) 19 08 88 04 93

Unlike other course providers, our technical course exams are performance-based (not multiple choice). This assures any prospective employer that you are indeed familiar with real-life cybersecurity problems, and gives you the confidence you will need in a new work environment.

Required Courses:

  1. Web Application Penetration Testing and Ethical Hacking


Exams:

  1. Exam Code: CPT-WEB [Hours: 2.5, Type: Hands-On, Passing Grade: 70%]



Course Outline: Web Application Penetration Testing and Ethical Hacking
   
Certification: ICSI|CWPT Certified Web Penetration Tester 


Duration:  3 Days 


Candidate Prerequisites
Basic understanding of web application technologies. 


Overview:
You'll gain insight into the insecurities, vulnerabilities and exploits that lie within web applications so you can reduce the risk they pose to your business. This CREST Accredited course is based on the OWASP Top 10 2017 and, along with the course Network Infrastructure Penetration Testing and Ethical Hacking, will help students prepare for the CREST CRT examination.

 

Who Should Attend:
Those responsible for developing, managing, testing or maintaining web-based applications, or anyone with an interest in the security of their web presence.

 

What is Included:
•    eBook
•    Lab Guide
•    6 months 24x7 remote access to a virtual lab
•    1 exam voucher - Online Exam Proctoring 
•    Certificate of Attendance (Digital)

 

Module 1: HTTP Protocol overview
•    Important HTTP methods
•    Cookies
•    Web Application Architecture
•    OWASP Top 10

 

Module 2: Web Vulnerability Scanners and Proxies
•    Burp proxy
•    OpenVAS
•    Nikto, Wapiti

 

Module 3: Profiling the Web server
•    Nmap 
•    Metasploit Auxiliary Modules 

 

Module 4: Injection
•    Command injection
•    SQL Injection
•    Blind SQL Injection
•    Sqlmap
•    Mitigation of Injection

 

Module 5: Broken Authentication
•    Authentication Protocols and weaknesses 
•    Brute forcing credentials using Hydra 
•    Mitigation of Broken Authentication and Session Management 

 

Module 6: Sensitive Data Exposure
•    Examples
•    Scanning for Sensitive Data Exposure Issues
•    Mitigation of Sensitive Data Exposure

 

Module 7: XML External Entities (XXE)
•    XML External Entities (XXE)
•    Exploiting an XML External Entity Injection
•    Mitigation of XML External Entities (XXE) 

 

Module 8: Broken Access Control
•    Directory Traversal Overview
•    Mitigation of Broken Access Control

 

Module 9: Security Misconfiguration
•    Understanding Security Misconfiguration
•    Using Burp to detect security misconfiguration
•    Mitigation of Security Misconfiguration

 

Module 10: Cross-Site Scripting (XSS)
•    Types of cross-site scripting
•    Using Burp to test for XSS vulnerabilities
•    Mitigation of cross-site scripting (XSS)

 

Module 11: Insecure Deserialization
•    Examples
•    Searching for Vulnerabilities
•    Mitigation of Insecure Deserialization

 

Module 12: Using Components with Known Vulnerabilities
•    Examples
•    Searching for Vulnerabilities
•    Mitigation of Using Components with Known Vulnerabilities

 

Module 13: Insufficient Logging and Monitoring
•    Examples
•    Mitigation of Insufficient Logging and Monitoring 

 

Module 14: Capture the Flag workshop
In this workshop you will apply skills acquired during the course to conduct a full web penetration test in an isolated environment.

Exam: 
The CPT-WEB practical certification exam covers hands-on material from all 14 modules. The exam duration is 2.5 hours. The passing grade is 70%.