
Bypassing Web Application Firewall (W30)

$219.00

16 in stock


Product Description

Web application firewalls (WAFs) are increasingly common, which makes penetration tests harder to carry out. Being able to bypass WAFs during a penetration test has therefore become a necessity. In this course, we examine practical approaches to bypassing WAFs as part of a penetration test, along with the theory behind WAFs and how they work.

18 CPE Credits

Self-paced


Course format: 

    • The course is self-paced – you can visit the training whenever you want and your content will be there.


    • Once you’re in, you keep access forever, even when you finish the course. 


    • There are no deadlines, except for the ones you set for yourself. 


    • We designed the course so that a diligent student will need about 18 hours of work to complete the training.


    • Your time will be filled with reading, videos, and exercises. 




What will you learn?

    • WAF Bypassing


    • How WAFs work


    • How to apply WAF Bypassing in our penetration tests



What skills will you gain?

    • WAF Bypassing and Hacking


    • WAF Hardening and Securing



What will you need?

    • PC with a preferred operating system (Mac OS X 10.5+, Windows 7+, Linux)


    • At least 4 GB of RAM for the VMs to work properly


    • At least 10 GB of free storage for VMs



What should you know before joining?

    • Basics and understanding of penetration testing


    • Basics and understanding of web applications and how they work


    • Basic understanding of programming (Python scripts will be examined, and HTML and SQL pieces, too)



Your instructor: Thomas Sermpinis

8 years of experience in the Security sector

Java, C++, Python

Editor of “Penetration Testing with Android Devices”, “Penetration Testing with Kali 2.0” courses of PenTest Magazine.

Editor of “Web Application Hacking: Data Store attacks and Advanced SQL Injection”, “Android Malware Analysis” courses on eForensics Magazine.

Editor on DeltaHacker Magazine

4 years of blogging on Penetration Testing topics (Cr0w’s Place)

Hacking and Android Enthusiast

Blog: https://cr0wsplace.wordpress.com

YouTube channel: https://www.youtube.com/user/Cr0wsPlace


Syllabus


Module 1

Introduction to WAFs, WAF Bypassing and techniques

In this module, we quickly examine how WAFs work on a web server and introduce WAF Bypassing, along with some interesting methods and practical examples of attacking web application firewalls with conventional methods.

    • Introduction to WAFs, WAF types and WAF Bypassing


    • Introduction to web application servers, how they work and where WAFs live


    • Introduction to WAF Bypassing logic and techniques


    • WAF Fingerprinting Introduction and practical examples


    • Practical Introductory examples to WAF Bypassing



Module 2

WAF Bypassing with SQL Injection

In module 2, we examine how to bypass a WAF by exploiting SQL Injection vulnerabilities, using techniques such as normalization and HTTP Parameter Pollution.

    • Basics of SQL Injection


    • SQL Injection - Normalization


    • SQL Injection with HTTP Parameter Pollution


    • Advanced SQL Injection techniques for bypassing WAF (encoding, concatenation, etc.)



Module 3

WAF Bypassing with XSS and RFI

In module 3, we examine more ways of bypassing WAFs, this time involving Remote File Inclusion, Cross-Site Scripting and more.

    • Introduction to XSS


    • Exploiting XSS for WAF Bypassing


    • Introduction to RFI


    • Exploiting RFI for WAF Bypassing



Module 4

Securing WAF and Conclusion


Finally, in module 4, we will see some final methods for bypassing WAFs, and prevention methods with practical examples for our WAF implementations.

    • Automated attacks


    • Selecting the best approach for your penetration test


    • Bypassing WAF finale


    • Securing WAF


    • Conclusion



    • Will the course discuss how to identify which technique is best suited for each identified firewall?

      Yes.


    • Will they be discussing the layers in the Application Server? The Web app? The database server?

      Yes.


    • Will the course discuss binary and Hex encoding to bypass?

      Yes.


    • Will the course discuss any of the CLI tools used by penetration testers to bypass WAFs?

      Yes.


    • Is the course demonstrating how to bypass commercial grade or open source WAF?

      Both, but I may not reveal each WAF that I will test, because of copyrights.


    • Is the course demonstrating how to bypass WAF with default or extensive configuration?

      If the time allows it, in each case.




© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013