About this course

Course type Premium
Course code QAWHACK
Duration 2 Days
Special Notices

We recommend that all delegates are familiar with the principles of TCP/IP networking and have a working knowledge of Windows operating systems. It is essential that delegates have a good practical ‘hands-on’ experience of the Linux command line and Linux utilities. We recommend our Understanding Linux (Linux Primer) QALXPR-1 course.

This course teaches attendees a wealth of hacking techniques to compromise the security of various web application components. The course starts from the very basics and gradually builds up to the level where attendees can not only use the tools and techniques to hack the various components involved in web hacking, but also walk away with a solid understanding of the concepts on which these tools work. The course comprises 2 days of web hacking and is taken from the Black Hat course 'The Art of Hacking'.

Intended Audience:

System administrators, web developers, SOC analysts, penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

This course will be suitable for delegates interested in the SANS Institute course SEC542: Web App Penetration Testing and Ethical Hacking.

Prerequisites

There are no prerequisites. However, we recommend that all delegates are familiar with the principles of TCP/IP networking and have a working knowledge of the Windows and Linux command line utilities.

Delegates will learn how to

This course familiarises attendees with a wealth of tools and techniques needed to breach the security of web applications. The course starts from the very basics and gradually builds up to the level where attendees can not only use the tools and techniques to hack the various components involved in web application hacking, but also walk away with a solid understanding of the concepts on which these tools work. The course also covers industry standards such as OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help attendees understand the true impact of these vulnerabilities. The course is updated on a regular basis to ensure that the latest exploits and vulnerabilities are available within the hacklab and taught in this course.

During the class, we will give you VPN access to our state-of-the-art hacklab, which is hosted in our data centre in the UK. Once you are connected to the lab, you will find all the relevant tools and VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab.

Outline

Day 1:

  • Understanding HTTP protocol
  • Identifying the attack surface
  • Username Enumeration
  • Information Disclosure
  • Issues with SSL/TLS
  • Cross Site Scripting
  • Cross-Site Request Forgery


Day 2:

  • SQL Injection
  • XXE attacks
  • OS Code Injection
  • Local/Remote File Inclusion
  • Cryptographic weakness
  • Business Logic Flaws
  • Insecure File Uploads

Delivery method

Classroom

Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.

