TRAINING PROGRAMME



Web Application Penetration Testing

This training enables participants to perform penetration testing, assess identified web applications and find security vulnerabilities in line with industry best practices. Participants will be able to apply both technical techniques and security best practices to conduct a web application penetration test, document vulnerabilities and produce comprehensive reports with recommended solutions.

 

  1. To define the scope of web application penetration testing and identify relevant activities required.
  2. To perform surveillance and information gathering.
  3. To conduct and document the findings of a web application penetration test using appropriate tools and software.
  4. To produce a report on the outcome of web application penetration testing.

 

  1. Management, administrators, and IT security personnel in charge of security in their organizations.
  2. Individuals who want to learn web application security and experience some hands-on penetration testing exercises.

Module 1: Defining the Scope

  1. Web Application Basics
  2. N-Tier Application Architecture
  3. Cyber Security Standards & Best Practices
  4. System Process Flow
  5. Attack Plan, Defenses/Obstacles & Attitude/Safety Practices
  6. Types of Vulnerabilities, Attacking Techniques & Full Access Requirements to Target Systems
Module 2: Reconnaissance/Information Gathering & Mapping
  1. Basics of Reconnaissance
  2. Types and Categories of Security Tools & Technologies for Reconnaissance & Information Gathering
  3. Reconnaissance & Information Gathering Processes (Reconnaissance & Mapping):
    • Components of the Target System
    • Component Relationship
    • Session Management
Module 3: Web Application Penetration Testing/Security Assessment
Vulnerability Discovery Techniques

Module 4: Remediation Strategy (Types of Vulnerabilities & Common Threats and Defenses)
  1. SQL Injection & Blind SQL Injection
  2. Cross Site Scripting (XSS)
  3. Information Leakage and Improper Error Handling
  4. Sensitive Data Exposure
  5. Cross Site Request Forgery
  6. Failure to Restrict URL Access
  7. Remote File Include (RFI)
  8. Broken Authentication & Session Management
Module 5: Exploitation (Web Application Cyber Attacks)
  1. SQL Injection & Blind SQL Injection
  2. Cross Site Scripting (XSS)
  3. Information Leakage and Improper Error Handling
  4. Sensitive Data Forgery
  5. Failure to Restrict URL Access
  6. Remote File Include (RFI)
  7. Broken Authentication & Session Management
Module 6: Reporting

 

  • 20 - 22 February 2023
  • 22 - 24 May 2023
*dates are tentative, unless specified

 

MYR3,780.00 (subject to 6% SST)



Contact us to request a quotation

18 CPD Points

Please submit the Certificate of Completion to Global ACE Certification at www.globalace.org

Coming soon

 
