Course Overview

You'll gain insight into the weaknesses, vulnerabilities and exploits found in web applications so you can reduce the risk they pose to your business. This CREST Accredited course is based on the OWASP Top 10 2017 and, together with the Network Infrastructure Penetration Testing and Ethical Hacking course, will help students prepare for the CREST CRT examination.

  • 100% online course - Study anywhere, anytime

  • CREST Accredited Training Course

  • 1-2 months to complete

  • 6 months, 24-hr remote access to a virtual lab allows you to learn, train and practice your skills in your own time.

  • Level: Intermediate

  • Trainer Online Support

  • Exam Code: CPT-WEB; Duration: 2.5 hours; Type: Hands-On

    (Exam vouchers available only upon full payment)

ICSI|CWPT Certified Web Penetration Tester

Course curriculum

  1. Web Application Penetration Testing and Ethical Hacking

    • Introduction

  2. Exam Information

    • Exam Information

  3. Module 1: HTTP Protocol Overview

  4. Module 2: Web Vulnerability Scanners and Proxies

    • Burp Proxy
    • OpenVAS
    • Nikto, Wapiti
    • Lab: Using Web Vulnerability Scanners
    • Lab: Using Web Vulnerability Scanners (Solution)

  5. Module 3: Profiling the Web Server

    • Nmap
    • Metasploit Auxiliary Modules
    • Lab: Scanning the Web Server
    • Lab: Scanning the Web Server (Solution)

  6. Module 4: Injection

    • Command Injection
    • Guided Exercise: Looking for File Inclusions
    • SQL Injection
    • Lab: SQL Injection
    • Lab: SQL Injection (Solution)
    • Mitigation of Injection

  7. Module 5: Broken Authentication

    • Authentication Protocols and Weaknesses
    • Username Enumeration
    • Attacking Tomcat's Password with Metasploit
    • Brute Forcing Credentials with Hydra
    • Lab: Username Enumeration and Brute Forcing
    • Lab: Username Enumeration and Brute Forcing (Solution)
    • Mitigation of Broken Authentication

  8. Module 6: Sensitive Data Exposure

    • Examples
    • Lab: Finding Sensitive Data on Web Applications
    • Lab: Finding Sensitive Data on Web Applications (Solution)
    • Mitigation of Sensitive Data Exposure

  9. Module 7: XML External Entities (XXE)

    • XXE External Entities
    • Lab: XXE Exploitation
    • Lab: XXE Exploitation (Solution)
    • Mitigation of XML External Entities (XXE)

  10. Module 8: Broken Access Control

    • Directory Traversal Overview
    • Lab: Attacking Path Traversal
    • Lab: Attacking Path Traversal (Solution)
    • Mitigation of Broken Access Control

  11. Module 9: Security Misconfiguration

    • Understanding Security Misconfiguration
    • Using Burp to Detect Security Misconfiguration Issues
    • Lab: Security Misconfiguration
    • Lab: Security Misconfiguration (Solution)
    • Mitigation of Security Misconfiguration

  12. Module 10: Cross-Site Scripting (XSS)

    • Types of Cross-Site Scripting
    • Using Burp to Test for XSS Vulnerabilities
    • Guided Exercise: Reflected Cross-Site Scripting (XSS)
    • Lab: Identifying XSS Vulnerabilities
    • Lab: Identifying XSS Vulnerabilities (Solution)
    • Mitigation of Cross-Site Scripting (XSS)

  13. Module 11: Insecure Deserialization

    • Examples
    • Mitigation of Insecure Deserialization

  14. Module 12: Using Components with Known Vulnerabilities

    • Examples
    • Searching for Vulnerabilities
    • Lab: Identifying Web App Vulnerabilities
    • Lab: Identifying Web App Vulnerabilities (Solution)
    • Mitigation of Using Components with Known Vulnerabilities

  15. Module 13: Insufficient Logging and Monitoring

    • Examples
    • Mitigation of Insufficient Logging and Monitoring

  16. Module 14: Capture the Flag

    • Lab: Web Pen Testing Various Web Applications

  17. Module 15: Extra Time

    • Extra Time: Using dirb
    • Extra Time: WordPress Enumeration

Intro video: Detecting HTTP Methods

What is included in this course

  • High-quality videos with in-depth content

  • Modular structure – student-directed path

  • Knowledge Checks at end of each module and the course

  • eBook

  • Lab Guide including video Guided Exercises and answer files

  • 6 months 24x7 remote access to a virtual lab

  • Instructor email support

  • 1 exam voucher - Online Exam Proctoring

  • Digital Certificate of Completion

  • Pass your Exam and share your Accredible Badge on LinkedIn