Penetration testing is the process of testing a computer system, network or web application to identify vulnerabilities that an attacker could exploit. This activity typically involves simulating an attack on the system to identify vulnerabilities and assess the organization's defenses. Penetration testing is important for organizations to ensure the security of their systems and protect against potential cyber attacks.

Real-time training sessions

PRACTICAL EXAM

At the end of the course, participants will take a practical exam in which the objective is to perform a penetration test and present a final report. After passing the exam, the designation and diploma of "CSA Web Penetration Tester (CWPT)" will be issued.

Meet your trainer

Cristian Cornea

Trainer

Cristian has broad and multifaceted expertise, from Web Application Penetration Testing to Cloud Security Audits. He holds prestigious certifications such as OSCE, OSED, OSWE, CREST CRT, OSEP, OSCP, CEH, CompTIA PenTest+, ECIH, CPTC, and others. He has been recognized for ethically reporting vulnerabilities by many major organizations such as the Pentagon, Sony, AT&T, General Motors, Adobe, Swiss Post, and more. Cristian has served as a trainer for multiple governmental and private institutions at an international level, such as Military Units in Poland, the U.S. Army, Government Entities in Slovenia, and many others. He has also been a speaker at multiple globally recognized conferences in the cyber security industry, including BSides, Cyber Security Congress Barcelona, DefCamp, HEK Slovenia, HackTheZone, and RSTCon.

Course curriculum

    1. THEORETICAL MODULE: Web Pentesting Methodology

    2. THEORETICAL MODULE: Pre-engagement process (Defining the scope, setting up the testing environment, SoW, RoE, NDA, etc.)

    3. THEORETICAL MODULE: OWASP TOP 10 – Web

    4. THEORETICAL MODULE: OWASP TOP 10 – API

    5. PRACTICAL MODULE: Enumeration and Reconnaissance

    6. PRACTICAL MODULE: Using Automated Tools

    7. PRACTICAL MODULE: CMS Scanning

    8. PRACTICAL MODULE: Introduction to Burp Suite Community

    9. PRACTICAL MODULE: User Enumeration and Validation

    10. PRACTICAL MODULE: Identifying and Exploiting Vulnerable Components

    11. PRACTICAL MODULE: Identifying and Exploiting Configuration Mistakes

    12. PRACTICAL MODULE: Session Management Security Issues

    13. PRACTICAL MODULE: Identification and Exploitation of Authentication Vulnerabilities

    14. PRACTICAL MODULE: Identifying and Exploiting Vulnerabilities in the File Upload Functionality

    15. PRACTICAL MODULE: Identifying and Exploiting Cross-Site Scripting (XSS) and HTML Injection Vulnerabilities

    16. PRACTICAL MODULE: Identifying and Exploiting SQL Injection Vulnerabilities

    17. PRACTICAL MODULE: Identifying and Exploiting XML External Entities Injection (XXE) Vulnerabilities

    18. PRACTICAL MODULE: Identifying and Exploiting Cross-Site Request Forgery (CSRF) Vulnerabilities

    19. PRACTICAL MODULE: Identifying and Exploiting Remote Code Execution (RCE) Vulnerabilities

    20. PRACTICAL MODULE: Identifying and Exploiting Command Injection Vulnerabilities

    21. PRACTICAL MODULE: Identifying and Exploiting Open Redirect Vulnerabilities

    22. PRACTICAL MODULE: Identifying and Exploiting Remote File Inclusion (RFI) and Local File Inclusion (LFI) Vulnerabilities

    23. PRACTICAL MODULE: Identifying and Exploiting Server-Side Request Forgery (SSRF) Vulnerabilities

    24. PRACTICAL MODULE: Identifying and Exploiting CSV/Formula Injection Vulnerabilities

    25. PRACTICAL MODULE: Identifying and Exploiting Broken Access Controls and Insecure Direct Object Reference (IDOR) Vulnerabilities

    26. PRACTICAL MODULE: Identifying and Exploiting Deserialization Vulnerabilities

    27. PRACTICAL MODULE: Identifying and Exploiting CRLF Injection Vulnerabilities

    28. PRACTICAL MODULE: Identifying and Exploiting Server-Side Template Injection (SSTI) Vulnerabilities

    29. PRACTICAL MODULE: Identifying and Exploiting Host Header Injection Vulnerabilities

    30. PRACTICAL MODULE: Identifying and Exploiting Specific GraphQL Vulnerabilities

    31. PRACTICAL MODULE: Identifying and Exploiting Specific API Vulnerabilities

    32. PRACTICAL MODULE: Automating Manual Checks

    33. PRACTICAL MODULE: Creating a Web Penetration Testing Report

About this course

  • 1.575 lei (or approx. 315 EUR)
  • 2 days
  • Online

Enroll today in our Web Penetration Testing course