Narrated ‘Ali bin Abi Talib (RA): The Prophet (RA) stood up for a funeral (to show respect) and thereafter he sat down. (Dawud)

Browse Categories

Browse Categories

Web Application Penetration Testing

4.5/5

With the increase in web applications, the way of doing business has changed along with the way of sharing and accessing data. This has invited malicious attackers to intrude into the system and gain leverage. Therefore, Web Application Pentesting has become important to defend the application and network. This course will teach you how to analyze technical flaws, vulnerabilities and weaknesses. 

EC-Council-removebg-preview

Training Options

Classroom Training

Online Instructor Led

Onsite Training

Corporate Training Options

Online Instructor Led

2

Classroom Training

undraw_building_re_xfcm 1

Onsite Training

Overseas Training

Course Information

Module 1: Web Application Assessment

  • OWASP Top 10 Vulnerabilities
  • Threat Modelling Principle
  • Site Mapping & Web Crawling
  • Server & Application Fingerprinting
  • Identifying the entry points
  • Page enumeration and brute forcing
  • Looking for leftovers and backup files

Module 2: Authentication vulnerabilities

  • Authentication scenarios
  • User enumeration
  • Guessing passwords – Brute force & Dictionary attacks
  • Default users/passwords
  • Weak password policy
  • Direct page requests
  • Parameter modification
  • Password flaws
  • Locking out users
  • Lack of SSL at login pages
  • Bypassing weak CAPTCHA mechanisms
  • Login without SSL

Module 3: Authorization vulnerabilities

  • Role-based access control (RBAC)
  • Authorization bypassing
  • Forceful browsing
  • Client-side validation attacks
  • Insecure direct object reference

» Show More 👇

Module 4: Improper Input Validation & Injection vulnerabilities

  • Input validation techniques
  • Blacklist VS. Whitelist input validation bypassing
  • Encoding attacks
  • Directory traversal
  • Command injection
  • Code injection
  • Log injection
  • XML injection – XPath Injection | Malicious files | XML Entity
  • bomb
  • LDAP Injection
  • SQL injection
  • Common implementation mistakes – authentication
  • Bypassing using SQL Injection
  • Cross Site Scripting (XSS)
  • Reflected VS. Stored XSS
  • Special chars – ‘ & < >, empty

Module 5: Insecure file handling

  • Path traversal
  • Canonicalization
  • Uploaded files backdoors
  • Insecure file extension handling
  • Directory listing
  • File size
  • File type
  • Malware upload

Module 6: Session & browser manipulation attacks

  • Session management techniques
  • Cookie based session management
  • Cookie properties
  • Cookies – secrets in cookies, tampering
  • Exposed session variables
  • Missing Attributes – httpOnly, secure
  • Session validity after logoff
  • Long session timeout
  • Session keep alive – enable/disable
  • Session id rotation
  • Session Fixation
  • Cross Site Request Forgery (CSRF) – URL Encoding
  • Open redirect

Module 7: Information leak

  • Web Services Assessment
  • Web Service Testing
  • OWASP Web Service Specific Testing
  • Testing WSDL
  • Sql Injection to Root
  • LFI and RFI]
  • OWASP Top 10 Revamp

» Show Less 👆

Audience Profile

  • Penetration testers
  • Application developers
  • Web administrators
  • Security analysts

Corporate Training Options

Online Instructor Led

Live, Online Training by top Instructors and practitioners across the globe.

Onsite
Training

Conduct training at the work location you desired.

Classroom Training

The Venue will be ideally located and easy to access with covid-19 SOP's.

Overseas Training

Travel to any desired location for your training.

Upcoming Batch

Enquiry Form:

Testimonials?

Mohammed Aljbreen Operation Specialist, SAMA

The Clarity of the Content was very good. The explanation of the trainer with in-depth knowledge in a proper flow really impressed me to give 5 star rating.

Arindam Chakraborty Systems Specialist, King Abdullah University of Sciences & Technology

The Instructor was really impressive. Clear cut explanation of every topic he covered with real time scenarios.

Sher Afzal Khan Cloud Engineer, Cloud 9 Networks

The Trainer and the Course Material, both are good. Good flow of explanation with simple examples. The complete training was focused on current industry challenges.

Jawed Ahmad Siddiqui Sr. System Administrator, Saudi Ceramics

The Trainer’s presentation was impressed me to continue the course till end. Never feel bore till the entire sessions. She studied our mindset and follows.

    Not sure,
    which course to choose?

    Our Clients across the Globe!

    Our Corporate Clients

    Best Solution To Transform Your Corporate Environment.

    Our Offices.

    UAE

    Office No- 306, Galadari Mazda Building Airport Road, Garhoud, Dubai.

    SPAIN

    C / Aribau 11 2-4 08913 Badalona Barcelona,
    Spain.

    UK

    85 Skeffington Road East Ham E6 2NA,
    London.

    AUS

    Level 22, HWT Tower, 40 City Road, Southbank, Melbourne VIC 3006.

    IN

    12B, Chitrapuri Hills, Hyderabad, Telangana
    India.