Step by Step Web Applications Penetration Tester

You will learn hacking tools, methodologies and techniques and and learn how to secure them from these hackers.

   Watch Promo   Enroll in Course

In order to protect yourself from hackers, you must think as one.

This training is based on a practical approach of day-by-day situations and it contain labs based on real environments. For the labs, target virtual machines are provided.

The course objective is to help you learn to master the (ethical) hacking techniques and methodology that are used in penetration systems. The course is designed for IT passionate, network and system engineers, security officers.

Below are the main topics, both theoretical and practical, of this course:

  • Core problems (Causes. Defences)
  • Web Technologies (HTTP Protocol, Web Functionality, Encoding)
  • Mapping (Spidering and Analysing)
  • Attacking Authentication (Technologies, Flaws, Fixes, Brute Force)
  • Attacking Session Management (State, Tokens, Flaws)
  • Attacking Access Controls (Common Vulnerabilities, Attacks)
  • Attacking Data Stores (SQL Injection, Bypassing Filters, Escalation)
  • Bypassing Client-Side Controls (Browser Interception, HTML interception, Fixes)
  • Attacking the server (OS command Injection, Path Traversal, Mail Injection, File Upload)
  • Attacking Application Logic
  • Cross Site Scripting
  • Attacking Users (CSRF, ClickJacking, HTML Injection)

Demos:

  • Spidering, Website Analyser
  • Brute-Force
  • Session Hijacking via Mann-in-The-Middle
  • Get Gmail or Facebook Passwords via SSLStrip
  • SQL Injection
  • Upload File and Remote Execution
  • Cross-Site Scripting (Stored + Reflected, Preventing XSS)
  • CSRF (Change password trough CSRF vuln., Preventing CSRF)


Your Instructor(s)


Gabriel Avramescu
Gabriel Avramescu

Senior Information Security Consultant

  • I work in the Internet security team, focused on ethical hacking - deliberately and purposefully challenging the IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary.
  • Scan and exploit for a wide variety of data center infrastructure and application vulnerabilities, following defined rules of engagement and attack scenarios (ethical hacking).
  • Make recommendations on security weaknesses and report on activities and findings. 
  • Perform Internet penetration testing (black box / white box testing) and code reviews (manual and automated) 
  • Use testing tools as NetBIOS scanning, network pinging and testing, packet crafting and analyzing, port scanning for vulnerability assessment
  • Perform analysis and testing to verify the strengths and weaknesses of Web Applications and Web Services (SML, SOAP, WSDL, UDDI, etc.)
  • Perform analysis and testing to verify the strengths and weaknesses of a variety of operating systems, network devices, web applications, and security architectures 
  • Assist with the development of remediation services for identified findings 
  • Customize, operate, audit, and maintain security related tools and applications

IT Trainer 

  • CEH, ECSA, CHFI from EC-Council
  • Cisco CCNA, CCNA Security, Linux Essentials

Certifications

  • OSCE
  • OSWE
  • OSWP
  • CREST Registered Penetration Tester (CRT)
  • OSCP
  • CHFI (Computer Hacking Forensic Investigator)
  • ISO 270001 Lead Auditor
  • ECSA (EC-Council Security Analyst)
  • CEH (Certified Ethical Hacker)
  • CCNA and CCNA Security
  • CCNP Routing and CCNP Switching
  • Advanced Linux&InfoSEC
  • VMWare vSphere Install, Configure, Manage
  • Microsoft Certified Technology Specialist (MCTS/MCP 70-642): Microsoft Windows Server 2008 Network Infrastructure, etc.

Course Curriculum


  Why Web Security?
Available in days
days after you enroll
  Mapping the Web Application. User and Password Brute-Forcing
Available in days
days after you enroll
  Attacking Authentication and Session Management - Session Hijacking
Available in days
days after you enroll

Frequently Asked Questions


When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.