Web Application Penetration Testing

★★★★★ 4.5/5

With the increase in web applications, the way of doing business has changed along with the way of sharing and accessing data. This has invited malicious attackers to intrude into the system and gain leverage. Therefore, Web Application Pentesting has become important to defend the application and network. This course will teach you how to analyze technical flaws, vulnerabilities and weaknesses.

Training Options

Classroom Training

Online Instructor Led

Onsite Training

Corporate Training Options

Online Instructor Led

Classroom Training

Onsite Training

Overseas Training

Course Information

Course Syllabus
Who It’s for
FAQs

Module 1: Web Application Assessment

OWASP Top 10 Vulnerabilities
Threat Modelling Principle
Site Mapping & Web Crawling
Server & Application Fingerprinting
Identifying the entry points
Page enumeration and brute forcing
Looking for leftovers and backup files

Module 2: Authentication vulnerabilities

Authentication scenarios
User enumeration
Guessing passwords – Brute force & Dictionary attacks
Default users/passwords
Weak password policy
Direct page requests
Parameter modification
Password flaws
Locking out users
Lack of SSL at login pages
Bypassing weak CAPTCHA mechanisms
Login without SSL

Module 3: Authorization vulnerabilities

Role-based access control (RBAC)
Authorization bypassing
Forceful browsing
Client-side validation attacks
Insecure direct object reference

» Show More 👇

Module 4: Improper Input Validation & Injection vulnerabilities

Input validation techniques
Blacklist VS. Whitelist input validation bypassing
Encoding attacks
Directory traversal
Command injection
Code injection
Log injection
XML injection – XPath Injection | Malicious files | XML Entity
bomb
LDAP Injection
SQL injection
Common implementation mistakes – authentication
Bypassing using SQL Injection
Cross Site Scripting (XSS)
Reflected VS. Stored XSS
Special chars – ‘ & < >, empty

Module 5: Insecure file handling

Path traversal
Canonicalization
Uploaded files backdoors
Insecure file extension handling
Directory listing
File size
File type
Malware upload

Module 6: Session & browser manipulation attacks

Session management techniques
Cookie based session management
Cookie properties
Cookies – secrets in cookies, tampering
Exposed session variables
Missing Attributes – httpOnly, secure
Session validity after logoff
Long session timeout
Session keep alive – enable/disable
Session id rotation
Session Fixation
Cross Site Request Forgery (CSRF) – URL Encoding
Open redirect

Module 7: Information leak

Web Services Assessment
Web Service Testing
OWASP Web Service Specific Testing
Testing WSDL
Sql Injection to Root
LFI and RFI]
OWASP Top 10 Revamp

» Show Less 👆

Audience Profile

Penetration testers
Application developers
Web administrators
Security analysts

Corporate Training Options

Online Instructor Led

Live, Online Training by top Instructors and practitioners across the globe.

Onsite
Training

Conduct training at the work location you desired.

Classroom Training

The Venue will be ideally located and easy to access with covid-19 SOP's.

Overseas Training

Travel to any desired location for your training.

Upcoming Batch

Enquiry Form:

Why CounselTrain is the best option for Corporate Trainings?

Customized Learning

Business Fulfilment

Industry Expert Trainers

100% ROI

Testimonials?

Mohammed Aljbreen Operation Specialist, SAMA

The Clarity of the Content was very good. The explanation of the trainer with in-depth knowledge in a proper flow really impressed me to give 5 star rating.

Arindam Chakraborty Systems Specialist, King Abdullah University of Sciences & Technology

The Instructor was really impressive. Clear cut explanation of every topic he covered with real time scenarios.

Sher Afzal Khan Cloud Engineer, Cloud 9 Networks

The Trainer and the Course Material, both are good. Good flow of explanation with simple examples. The complete training was focused on current industry challenges.

Jawed Ahmad Siddiqui Sr. System Administrator, Saudi Ceramics

The Trainer’s presentation was impressed me to continue the course till end. Never feel bore till the entire sessions. She studied our mindset and follows.