Live Online Training Program on Web Application Security Testing

Hack2Secure’s Workshop on Web Application Security Testing provides hands-on exposure using both Real-Time scenarios and Simulated Lab environment to required Tools and Techniques on different Web Security Risk and Attack vectors.

NaveenK

Presentation Transcript


  1. Web Application Security Testing
     Live Online | Evening Batch | 42 Hours, 7 Weeks, Tuesday & Thursday | July – August 2017
     WASD Exam Attempt | 42 CPEs | Online LAB Access | Session Recording | Email Support

     Hack2Secure’s Workshop on Web Application Security Testing provides hands-on exposure, using both Real-Time scenarios and a Simulated Lab environment, to the Tools and Techniques required for different Web Security Risks and Attack vectors. Scoped around the OWASP Web Application Security Testing Guide, these intensive practical sessions provide a deep dive into the practical tips and tricks required to evaluate, test and assess the Security of Web Applications.

     Key Take Away:
     - Active and Passive Reconnaissance methods
     - Google Hacking and Deep-Web
     - SSL/TLS Handshake and Testing methods
     - Scanning, Fingerprinting and Spidering
     - Authentication, Authorization, Accountability
     - Session Management and related Attacks
     - Cross Site Request Forgery
     - Python and Java Script for Security Testers
     - SQL Injection
     - File Inclusion Vulnerabilities
     - Cross Site Scripting
     - Format String Vulnerabilities
     - Web Application Filters & Firewalls
     - W3af, Nikto
     - Metasploit Framework
     - BeEF, XSSer, SQLmap, Nmap, Recon-ng
     - Burp Suite and Zed Attack Proxy (ZAP)

     What You Will Receive:
     - Soft Deliverables
       - Program Slides & Lab Guides
       - Reference Documents
       - Tools [Open Source Only]
     - Online Lab Access [3 Months]
       - Vulnerable Web Server to explore & Practical use-cases
     - Recorded Session Access [6 Months]
     - WASD Exam Voucher
       - 1 Attempt, 6 months Validity
       - Globally Proctored and Delivered by Pearson VUE
     - Post-Session Email based Support
       - Query Resolution with Instructor

     Who Should Attend:
     - Security Team/Office
       - Security Engineers and Testers
       - Application/Software Security Analyst
       - Application/Software Penetration Testers
       - Security Managers, Consultants, Auditors
     - Research & Development Team
       - Architects, Developers
       - Software Testing Team (QA)
       - Software Consultants, Research Engineers
       - Team Leads, Technical Managers
     - Students
       - Looking to pursue a career in Web Application Security Assessment/Testing
     - Anyone who wants to explore Web Application Security Testing Tools, Techniques and Practices

     For more details: www.hack2secure.com | training@hack2secure.com

  2. Schedule
     Each session: 3 hours, 7:30 PM – 10:30 PM EDT
     - Week#1: Tuesday 18th July 2017; Thursday 20th July 2017
     - Week#2: Tuesday 25th July 2017; Thursday 27th July 2017
     - Week#3: Tuesday 01st Aug 2017; Thursday 03rd Aug 2017
     - Week#4: Tuesday 08th Aug 2017; Thursday 10th Aug 2017
     - Week#5: Tuesday 15th Aug 2017; Thursday 17th Aug 2017
     - Week#6: Tuesday 22nd Aug 2017; Thursday 24th Aug 2017
     - Week#7: Tuesday 29th Aug 2017; Thursday 31st Aug 2017

     Pre-Requisites:
     - Awareness of Software/Application Development Methodologies
     - Basic understanding of Web Technologies and Programming Languages
     - Basic understanding of Protocol functionality, especially HTTP
     - Basic knowledge of UNIX & WINDOWS Operating Systems

     Laptop Required:
     Hack2Secure will provide access to its Cloud based Lab Environment, including access to a Vulnerable Web Server and the required Security Tools. To access it, Students are required to have a Laptop with sufficient configuration and sufficient Internet Speed.

     Minimum Student Laptop/System Configuration:
     - Operating System
       - Windows 7, 8, 8.1, 10
       - Unix (Ubuntu)
     - RAM: Min. 4 GB (Recommended)
     - Other
       - Min. Internet Speed: 8 Mbps

  3. Detailed Curriculum & Lab Scope

     Module#1: Building the Base [Concepts, Processes & Methodologies]
     - Understanding the Web
     - Importance of Web Application Security
     - Web 2.0 & Related Concerns
     - Web Application Security Testing (WAST): Current Approach
     - Introducing Web Proxies: Burp Suite & ZAP
     - HTTP Protocol
       - History, Versions
       - Request Methods, Status Codes
     - Web Sockets: Introduction
     - HTTPS Protocol
       - Introduction, SSL/TLS handshake
       - Testing Methods
       - Vulnerability Case Study: HeartBleed
     - OWASP WAST Guide: Walkthrough
     - OWASP Top10 (2013 & 2017) Web Application Security Risk: Walkthrough
     Scoped LAB
     - Walkthrough BurpSuite & ZAP interfaces
     - Using BurpSuite to analyse HTTP Request & Response
     - SSL Handshake Analysis with Wireshark
     - SSL/TLS Security Testing using OpenSSL, SSLScan and NMAP SSL related Scripts
     - Testing HeartBleed Vulnerability

     Module#2: Casual Leakage Points [Reconnaissance]
     - Why Information Gathering
     - DNS Protocol
       - Overview, Working, Zone Transfers
     - Open Source Intelligence
     - Exploring Google Search
       - Keywords & Filters
     - Google Hacking Database (GHDB)
     - Exploring Deep-Web
     - Information Leakage from Public Sources
     - Website Mirroring
     Scoped LAB
     - WHOIS analysis
     - DNS Scan with Nslookup, DNSRecon, NMAP DNS related NSE Scripts
     - Metasploit for DNS Scan
     - Google Filters & Hacking Database
     - Setting-up Lab for Deep-Web exploration
     - SHODAN to explore Devices on Network
     - TheHarvester & Recon-Ng for Information Gathering
     - HTtrack for Website Mirroring

     Module#3: Looking for Entry Point [Scanning, Fingerprinting & Spidering]
     - Scanning: Identifying Services & Configurations
     - Fingerprinting Web Server
     - Software Configuration level flaws
     - Vulnerability Case Study: ShellShock
     - Spidering/Crawling
     - Fuzzing: About, What to Look for
     - Directory Browsing
     Scoped LAB
     - Exploring NMAP for different Scan Options
     - Testing HTTP methods with Netcat
     - Server Scan with Nikto
     - Testing Shellshock Vulnerability
     - Burp Suite (Spidering), Wappalyzer, CeWL
     - Fuzzing with FuzzDB & Burp Suite (Intruder) to explore Files & Locations
     - Using Dirbuster & ZAP to explore hidden Directories
     - Google to Search hidden Public directories

     Module#4: Analyzing A.A.A. Concerns
     - About Authentication, Different Schemes
     - Username Harvesting, Cracking Weak Passwords
     - Side Channel & Timing Attacks
     - Browser Cache Weakness
     - Single Sign-On
     - About Authorization
     - Insecure Direct Object References
     - Directory Traversal Attacks
     - About Accountability
     - Error Code Analysis
     Scoped LAB
     - Using ZAP to explore different Authentication Schemes and Username harvesting
     - Brute Forcing Weak Passwords
     - Exploiting Insecure Direct Object References
     - Exploiting Directory Traversal Vulnerability

     Module#5: Session Management
     - Stateless Nature of HTTP
     - Introducing “Sessions” & Tracking Methods
       - Session Tokens or SessionID
       - Session Fixation & Hijacking

  4. Module#5: Session Management (continued)
       - Session Tampering, Splitting & Smuggling
     - Securing Cookies: Flags & Attributes
     - Cross Site Request Forgery
     Scoped LAB
     - Using Burp Suite (Sequencer) to analyze Session Randomness
     - Exploring Session Tampering, Fixation & Hijacking Attacks
     - Exploring Session Splitting & Smuggling Attacks
     - Use Case of Secure Cookie Flags & Attributes
     - XSRF Attack demonstration

     Module#6: Python & Java Script for Pen-Testers
     - Python & Java Script: Primer
     - Crafting HTTP Request & Attack scenarios with Python & Java Script [LAB]

     Module#7: Injection Attacks
     - Command Injection: About, Root Cause
     - [Local/Remote] File Inclusion Vulnerability
     - SQL Query: Primer
     - SQL Injection (SQLi)
       - About, Root Cause, Analysis, Types
       - Scoping Attacks with SQLi
     Scoped LAB
     - Explore Command Injection Vulnerability
     - Explore LFI/RFI Vulnerability
     - Explore different SQLi Detection methods, Attacks & Use Cases
     - Using BBQSQL & SQLMAP for exploiting SQLi flaw
     - Using Havij for SQLi

     Module#8: Cross Site Scripting (XSS)
     - Document Object Model (DOM)
     - XSS
       - Overview, How it Works, Types
       - Testing Methods, Attack Scope
     - Same Origin Policy
     - HTML Injection
     - XSS with POST
     - AJAX
       - Overview, XMLHttpRequest, Mash-Ups
       - Libraries/Frameworks & related Flaws
     - JSON
       - Overview, Attacks
       - XSS on AJAX JSON Objects
     Scoped LAB
     - XSSer, XSSsniper, XSScrapy, BeEF to explore XSS Vulnerability
     - Using Burp Suite (Intruder) to Fuzz with XSS Inputs
     - Exploring HTML Injection
     - Exploring XSS in AJAX & JSON Objects

     Module#9: Buffer Overflow Attacks
     - Heap & Stack Overflow
     - Format String Vulnerabilities [LAB]

     Module#10: Scanners & Frameworks
     - W3af [LAB]
     - Metasploit Framework [LAB]

     Module#11: Web Application Filters and Firewall (WAF)
     - Web Application Defenses: Filtering & Firewall
     - Filtering
       - .NET & ESAPI Filtering Options
     - Web Firewall
       - Types, Detection & Attack methods
     Scoped LAB
     - Exploring filtering & WAF more in detail
     - Exploring ModSecurity Attack Detection mechanism
     - Using BurpSuite Intruder & FuzzDB list to fingerprint ModSecurity

  5. Web Application Security Defender
     Evaluate your Skills in Web Application Security Assessment
     Globally Available | Proctored | 180 mins. | 90 MCQ | Passing Grade: 60% | Exam Language: English

     The Web Application Security Defender (WASD) Certificate program evaluates an individual's implementation level skills required for Web Application Security Assessment. This program ensures the candidate's awareness of Application Security Challenges, Risk, Tools, Techniques and methodologies, along with hands-on practical level knowledge and skill-sets. WASD is based on Application Security Industry Standards and Best Practices and ensures Knowledge and Understanding of Secure Web Application Assessment requirements. It walks through different phases/domains of Application Security Testing and provides the required practical strategies and methodologies to evaluate Security at every level.

     Benefits:
     - Attempt to WASD Exam is included as part of the Web Application Security Testing Live Online program from Hack2Secure
     - 1 Attempt | 6 months Voucher Validity
     - Delivered globally at Pearson VUE Authorized Test Centres
     - Validates your practical expertise and knowledge in Web Application Security Assessment
     - Get Global Recognition and Credibility
     - Ensures Real Time skills required to handle Web Application Security Risk
     - Demonstrate knowledge of Industry Standards and Best Practices
     - Ensures effective skills to measure and implement Security Controls

     To Schedule WASD Exam: www.pearsonvue.com/hack2secure
     www.hack2secure.com/wasd
     For more details, visit www.hack2secure.com | certificate@hack2secure.com