Currently Empty: £ 0.00
About Course
Overview
Websecure360 Academy offers comprehensive training in Web Application Penetration Testing across multiple locations including the UK, India, and Mozambique. The course is designed to equip participants with the necessary skills, tools, and techniques to conduct thorough security tests of web applications and prepare for the Web Application Penetration Tester (WAPT) certification.
Key Features
- Hands-On Training: Practical learning experience focusing on real-world application.
- Certification Preparation: Training aligned with Web Application Penetration Testing certification exam blueprints.
- Real Devices: Utilization of actual devices for practical exposure, avoiding simulator software.
- Full-Time Lab Facility: Access to extensive lab facilities for hands-on practice.
Training Locations
UK: Primary training center with the largest training lab.
India: Comprehensive training programs.
Mozambique: Specialized courses available.
Global Online Training
Course Curriculum
The curriculum is meticulously designed to match the latest syllabus provided for Web Application Penetration Testing and prepare candidates for the certification exam.
- Overview of web application vulnerabilities
- Understanding the OWASP Top Ten
- Installation and configuration of tools
- Working with real devices for practical exposure
- Site Mapping & Web Crawling
- Server & Application Fingerprinting
- Identifying the Entry Points
- Page Enumeration and Brute Forcing
- Looking for Leftovers and Backup Files
- Authentication Scenarios
- User Enumeration
- Guessing Passwords – Brute Force & Dictionary Attacks
- Default Users/Passwords
- Weak Password Policy
- Direct Page Requests
- Parameter Modification
- Password Flaws
- Locking Out Users
- Lack of SSL at Login Pages
- Bypassing Weak CAPTCHA Mechanisms
- Login without SSL
- Role-Based Access Control (RBAC)
- Authorization Bypassing
- Forceful Browsing
- Client-Side Validation Attacks
- Insecure Direct Object Reference
- Input Validation Techniques
- Blacklist vs. Whitelist Input Validation Bypassing
- Encoding Attacks
- Directory Traversal
- Command Injection
- Code Injection
- Log Injection
- XML Injection – XPath Injection | Malicious Files | XML Entity Bomb
- LDAP Injection
- SQL Injection
- Common Implementation Mistakes – Authentication Bypassing Using SQL Injection
- Cross-Site Scripting (XSS)
- Reflected vs. Stored XSS
- Special Characters – ‘ & < >, Empty
- Path Traversal
- Canonicalization
- Uploaded Files Backdoors
- Insecure File Extension Handling
- Directory Listing
- File Size
- File Type
- Malware Upload
- Session Management Techniques
- Cookie-Based Session Management
- Cookie Properties
- Secrets in Cookies, Tampering
- Exposed Session Variables
- Missing Attributes – httpOnly, Secure
- Session Validity After Logoff
- Long Session Timeout
- Session Keep Alive – Enable/Disable
- Session ID Rotation
- Session Fixation
- Cross-Site Request Forgery (CSRF) – URL Encoding
- Open Redirect
- Information Leak
- Authentication Scenarios
- User Enumeration
- Guessing Passwords – Brute Force & Dictionary Attacks
- Default Users/Passwords
- Weak Password Policy
- Direct Page Requests
- Parameter Modification
- Password Flaws
- Locking Out Users
- Lack of SSL at Login Pages
- Bypassing Weak CAPTCHA Mechanisms
- Login without SSL
- Web Services Assessment
- Web Service Testing
- OWASP Web Service Specific Testing
- Testing WSDL
- SQL Injection to Root
- Local File Inclusion (LFI) and Remote File Inclusion (RFI)
Certification
- Web Application Penetration Tester (WAPT): The course prepares candidates to successfully earn the WAPT certification on their first attempt.
Additional Training Opportunities
- Networking Project Based Industrial Training: Practical projects and industrial training opportunities.
- Summer Training Programs: Intensive summer training sessions available in the UK.
Why Choose Websecure360 Academy?
- Recognized as one of the best training institutes globally.
- Largest training lab in the UK.
- Focus on practical, hands-on learning with real devices.
- Comprehensive preparation for the latest certification exams.
Course Content
Instructors
No Review Yet
- All Levels
- May 26, 2024
- Certificate of completion
