COURSE IS SELF-PACED, AVAILABLE ON DEMAND
DURATION: 15 hours
CPE POINTS: On completion, you get a certificate granting you 15 CPE points.
The course starts on the 28th of November 2023.
This course will cover the OWASP Top 10 vulnerabilities as well as other critical web application weaknesses. You don't need previous experience in penetration testing.
After completing this training, you will be a web application penetration tester. The act of discovering security vulnerabilities or bugs in a website and responsibly exposing them to your company's security team in an ethical manner is known as Web Application Penetration Testing.
"Hack yourself before they hack you" underlines the need for proactive security measures. In practice, this means enterprises must detect vulnerabilities in their systems and applications through penetration testing and patch them before malicious hackers can exploit them.
This proactive approach to security helps prevent data breaches, financial losses, and damage to an organization's reputation.
- Bug bounty hunters
- Ethical hackers
- Penetration testers
- Security analysts
- CISO - Chief information security officer
- Security administrators
- SOC Analysts
- Ethical hacking enthusiasts
Why take it NOW?
Web application penetration testing skills are in high demand in the job market and well paid, up to $120K per year, making it a valuable area of expertise for those interested in a career in information security.
Why this course?
There are various reasons why learning web application penetration testing is important. To begin, knowing how attackers think and operate may help firms better safeguard their systems and data. Organizations may detect and fix possible flaws by learning about typical attack tactics and vulnerabilities. Furthermore, as people become increasingly reliant on technology in many parts of their lives, the quantity and sophistication of cyberattacks are rising, making it even more vital for individuals and companies to understand and protect against them.
What skills will you gain?
- Web security testing
- Automated security testing
- Manual security testing
- Bug hunting skills
- Think outside of the box
- Vulnerability assessment
- Hacker mindset
What will you learn about?
- Latest OWASP Top 10 framework
- Security testing vulnerabilities
- Learn how to detect critical vulnerabilities
- Learn the ways to exploit vulnerabilities
- Checklist approach for security penetration testing
What tools will you use?
- Kali Linux
- Burp Suite
Course general information:
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
What will you need?
- A computer system with 40GB of storage and min 8GB of RAM
- Internet connectivity
- Kali Linux
- Burp Suite Community Edition
- VirtualBox or VMware Workstation
What should you know before you join?
- VirtualBox or VMware skills
- Familiarity with web languages
YOUR INSTRUCTOR: Youssef Khaoulaj
Youssef is a security researcher specializing in finding web application, cloud, blockchain and smart contract vulnerabilities. He has more than 8 years of experience in the field of information security, ranging across Web Application Security, Incident Handling, Cloud Security, Network Security, Blockchain and Smart Contract Security. Youssef has more than 3 years of experience in the field of Blockchain and Smart Contracts, with a good knowledge of Decentralized Application Development. He has spoken at numerous conferences and published many papers and reports in the area of hacking and smart contract auditing.
He has received many recommendations from ex-Pentagon cybersecurity engineers, IT security trainers in Australia, and his supervisor, a system administrator in the USA.
Before the course
Checklist for pen testing and other web application vulnerabilities, such as 2FA bypass, Joomla, Drupal, WordPress, OAuth, etc.
Vulnerable and Outdated Components
Vulnerable and outdated components are software components (libraries, frameworks, modules, plugins, and so on) used inside an application or system that have known security vulnerabilities or have not been updated to their most recent versions. These components may compromise a software application's or system's security and stability.
- Burp Suite
- Directory listing
- Error handling
- Brute force
- OSINT tools
Identification and Authentication Failures
Failures in identification and authentication occur when systems or processes fail to correctly identify and authenticate persons seeking to access a certain resource, system, or service.
- Default credentials
- Brute force
- Session management
- Session fixation
- Logic vulnerabilities
- Password reset mechanism
- Account Lockouts
Server-side Request Forgery
An attacker uses server-side request forgery (SSRF) to trick a web application into making unauthorized requests to other resources or services on the same server or inside an internal network. This can expose data, allow unwanted access, and perhaps lead to further exploitation of the target system.
- We will test for SSRF vulnerabilities in many settings and against many target types, using both automated and manual methods.
Software and Data Integrity Failures
Software and data integrity failures occur when the integrity (accuracy, consistency, and dependability) of software programs or data sets becomes compromised as a result of mistakes, corruption, illegal alterations, or malicious acts. These failures can have major repercussions, such as data loss, system failure, security breaches, and other vulnerabilities.
- Insecure deserialisation
- Unauthorized Access and Modification
- Download of code without an integrity check
- Supply chain attack
If you have any questions, please contact our eLearning Manager at [email protected].