Web Penetration Testing
- 4 Days Course
- Language: English
Introduction:
This hands-on live training is designed to take you from beginner to confident web application pentester, with no prior hacking experience required. You'll gain a solid foundation in how web apps work, how to find and exploit common vulnerabilities, and how to think like an attacker.
The primary focus is learning by doing, with each module focusing on real-world techniques. You will also receive 12 months of access to the full on-demand version of the course to support the reinforcement of classroom learning objectives.
This course includes two exam vouchers for TCM Security's Practical Web Pentest Associate (PWPA) and Practical Web Pentest Professional (PWPP) certifications. Each exam voucher includes 1 exam attempt and is valid for 12 months from the course completion date.
Objectives:
- The fundamental architecture and functionality of web applications
- Common server-side vulnerabilities and attack techniques
- Client-side attack methods and exploitation tactics
- Scanning tools and techniques used to identify and execute advanced web application attacks
Course Outline:
Day 1 – How Web Apps Work
- Introduction
- How Web Apps Work
- Intro to HTTP
- Broken Authentication
- Broken Access Control
- SQL Injection
Day 2 – Server-Side Attacks
- SQL Injection
- Command Injection
- XML External Entity (XXE) Injection
- Directory Traversal
Day 3 – Server-Side Attacks and Client-Side Attacks
- File Upload
- Server-Side Request Forgery (SSRF)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
Day 4 – Scanning and More Advanced Attacks
- Scanning, Filter Bypasses, WAF Bypasses
- Logic Bugs
- Building a Methodology
- Performing a Web App Pentest
Enroll in this course
$2,699.00