TRAINING PROGRAMME
Web Application Penetration Testing
On completing this training, participants will be able to perform penetration testing, assess identified web applications and find security vulnerabilities in line with industry best practices. They will be able to apply both technical techniques and security best practices to conduct a web application penetration test, document vulnerabilities and produce comprehensive reports with recommended solutions.
- To define the scope of web application penetration testing and identify relevant activities required.
- To perform surveillance and information gathering.
- To conduct a web application penetration test and document its findings using appropriate tools and software.
- To produce a report on the outcome of web application penetration testing.
- Management, Administrators, and IT Security Personnel in charge of security in their organizations.
- Individuals who want to learn web application security and experience some hands-on penetration testing exercises.
Module 1: Defining the Scope
- Web Application Basics
- N-Tier Application Architecture
- Cyber Security Standards & Best Practices
- System Process Flow
- Attack Plan, Defenses/Obstacles & Attitude/Safety Practices
- Types of Vulnerabilities, Attacking Techniques & Full Access Requirements to Target Systems
- Basics of Reconnaissance
- Types and Categories of Security Tools & Technologies for Reconnaissance & Information Gathering
- Reconnaissance & Information Gathering Processes (Reconnaissance & Mapping):
- Components of the Target System
- Component Relationship
- Session Management
Vulnerability Discovery Techniques
Module 4: Remediation Strategy (Types of Vulnerabilities & Common Threats and Defend)
- SQL Injection & Blind SQL Injection
- Cross Site Scripting (XSS)
- Information Leakage and Improper Error Handling
- Sensitive Data Exposure
- Cross Site Request Forgery
- Failure to Restrict URL Access
- Remote File Include (RFI)
- Broken Authentication & Session Management
- SQL Injection & Blind SQL Injection
- Cross Site Scripting (XSS)
- Information Leakage and Improper Error Handling
- Sensitive Data Forgery
- Failure to Restrict URL Access
- Remote File Include (RFI)
- Broken Authentication & Session Management
- 20 - 22 February 2023
- 22 - 24 May 2023
18 CPD Points
Please submit the Certificate of Completion to Global ACE Certification at www.globalace.org