Full course

Web Application Penetration Testing

This course provides tools and methodology for conducting a security assessment of a web application using a "black box" approach, simulating the activities performed by a potential attacker. It includes practical exercises conducted on intentionally vulnerable apps.

Details

Course overview

The objective of this course is to provide participants with the knowledge and practical experience necessary to perform effective web application security assessments. Adopting a "black box" testing methodology, the training will guide participants through the process of evaluating the security posture of web applications, without requiring prior access to the underlying source code. Participants will be introduced to a suite of tools and techniques, enabling them to systematically uncover and address potential security weaknesses. The course features interactive exercises and real-world scenarios, ensuring that the learning experience is both engaging and immediately applicable in the field of application security. This course is aimed at auditors and security specialists.

Requirements

  • Basic knowledge of web application architecture and functioning.

  • Interest in hacking and cybersecurity topics.

Course content

  • Introduction to application security: Basic concepts and principles of application security.

  • Overview of web application testing methodology: Introduction to the methodology for testing web applications.

  • Tools and Resources: Introduction to various tools, in particular Burp Suite, and resources available for conducting application security assessments.

  • Information Gathering & Configuration Management: Techniques for gathering information and managing configurations for security assessment purposes.

  • Testing Authentication Mechanisms: Strategies for assessing the security of authentication mechanisms.

  • Testing Authorization Mechanisms: Strategies for assessing the security of authorization mechanisms.

  • Identifying and Exploiting Application Logic Vulnerabilities: Techniques for identifying and exploiting vulnerabilities in application logic.

  • Testing Session Management: Understanding session vulnerabilities, such as Cross-Site Request Forgery (CSRF) and session fixation, and how to test them.

  • Testing Input Validation Issues: Evaluation of security vulnerabilities related to input validation, such as SQL injection and Cross-Site Scripting (XSS).

  • Testing Client-Side Issues: Exploring client-side security vulnerabilities, such as CORS misconfigurations and Clickjacking, and how to test them.

  • Weak Cryptography Vulnerabilities: Identification and mitigation of vulnerabilities related to weak cryptographic implementations.

  • Denial of Service: Understanding application-level denial of service attacks and techniques for testing them.

  • Bug Bounty Programs: Overview of Bug Bounty Programs and their role in enhancing application security.

Your instructor

  • TBD Senior Instructor

Other courses
  • Full course

    Build Secure Android Applications

    Defensive
    ~24 hours
    Online

    This intensive course, ideal for Android application developers, aims to demonstrate methods and approaches for developing secure Android native mobile apps. It includes practical exercises, based on Android applications.

  • Full course

    Build Secure .NET Web Applications

    Defensive
    ~32 hours
    Online

    This intensive course, ideal for .NET application developers, aims to demonstrate methods and approaches for developing secure .NET web applications. It includes practical exercises, based on .NET web applications.

  • Full course

    Build Secure iOS Applications

    Defensive
    ~24 hours
    Online

    This intensive course, ideal for iOS application developers, aims to demonstrate methods and approaches for developing secure iOS native mobile apps. It includes practical exercises, based on Android applications.

  • Full course

    Build Secure Java Web Applications

    Defensive
    ~32 hours
    Online

    This intensive course, ideal for Java application developers, aims to demonstrate methods and approaches for developing secure Java web applications based on the Spring framework. It includes practical exercises, based on Java Spring web applications.

  • Full course

    Build Secure PHP Web Applications

    Defensive
    ~32 hours
    Online

    This intensive course, ideal for PHP application developers, aims to demonstrate methods and approaches for developing secure PHP web applications. It includes practical exercises, based on applications developed in PHP.

  • Full course

    Build Secure Web Applications

    Defensive
    ~32 hours
    Online

    This generic course, ideal for web developers, aims to demonstrate methods and approaches for developing secure software. During the course, the main errors leading to application vulnerabilities will be highlighted, along with techniques to prevent them.

  • Full course

    Cloud Security Fundamentals

    Fundamentals
    ~16 hours
    Online

    This course is designed to train participants on the security issues related to cloud services. The course will cover the main security threats as well as best practices for proactively defending cloud assets (infrastructure, applications, etc.).

  • Full course

    Cyber Security Fundamentals

    Fundamentals
    ~24 hours
    Online

    This awareness course aims to provide theoretical foundations of cybersecurity through a comprehensive coverage of associated topics. Starting from the fundamentals of cybersecurity, participants will learn key concepts through theoretical discussions and real-life examples.

  • Full course

    Ethical Hacking Fundamentals

    Fundamentals
    ~32 hours
    Online

    This course provides tools and methodology for conducting a security assessment through a comprehensive coverage of associated topics. Starting from the basics of cybersecurity, participants will learn key concepts through theoretical discussions and practical exercises drawn from real life.

  • Full course

    Mobile Application Penetration Testing

    Offensive
    ~32 hours
    Online

    This course provides tools and methodology for conducting a security assessment of a mobile application using a "black box" approach, simulating the activities performed by a potential attacker. It includes practical exercises conducted on intentionally vulnerable apps.
