Advanced Web Application Pentesting Course - AWEB


This course focuses on advanced techniques for performing web application penetration testing in highly secure environments. Our course has been developed around professional penetration testing and security awareness in the business and IT fields.

During the course, we will explore more advanced ways of exploiting web application vulnerabilities through cross-site scripting, SQL injections, insecure file handling and insecure inclusions. We will also learn how to attack XML parsers, how to perform efficient deserialization attacks and finally we will perform some advanced attacks, such as web cache poisoning, DNS rebinding and request smuggling.
To make sure that all participants gain the application penetration testing concepts and knowledge, our classes have an intensive hands-on lab format. The exercises will be performed in CQURE’s custom-built lab environment. When the training concludes, you will receive an additional 3 weeks of access to our labs so you may continue to practice with our detailed instructions.

The knowledge used to prepare the unique content of this amazing course has been gathered during tons of penetration testing projects all around the world by CQURE’s world-renowned Experts. The training will allow you to prepare for penetration testing projects or red team exercises.
Every exercise is supported by lab instructions and multiple tools, both traditional and specialized. This intense course covers advanced aspects of web application pentesting. We highly recommend that you meet the prerequisites provided below before registering for this training, so you can keep up with the group.

Important information

This seminar is held in ENGLISH!

Target audience

  • Penetration testers, red teamers
  • Windows network administrators
  • Security professionals
  • Systems engineers
  • IT professionals
  • Web application developers
  • Security consultants and other people responsible for implementing infrastructure security

    Prerequisites

    You should have at least 5 years of experience in the cybersecurity field and considerable web application development experience to attend this training, or have successfully completed one of the following CQURE Academy courses: To attend this training you should have experience in web application creation. You must know the basic web building blocks, such as HTML, JavaScript and CSS. Please make sure that before you attend this training you are already fully familiar with the concepts taught in the Masterclass: Web Application Pentesting Course.

    Detailed contents

    Module 1: Advanced Cross Site Scripting
    • Attacking frameworks
    • Mutation based XSS
    • Encoding attacks
    • Polyglots

    Module 2: Advanced SQL injection
    • Blind SQL injections
    • Second order SQL injections
    • Side-channel data exfiltration
    • Bypassing filtering
    • NoSQL injections

    Module 3: Advanced Insecure file handling
    • Overwriting server configuration files
    • ZIP bombs
    • Attacking the underlying filesystem

    Module 4: Acting on victim’s behalf
    • Clickjacking attacks
    • CSRF attacks
    • Open Redirects
    • Server Side Request Forgery (SSRF)
    • Exfiltrating cloud secrets

    Module 5: Attacking XML parsers
    • What are XML eXternal Entities (XXE)
    • Blind attacks
    • Data exfiltration
    • XXE across web languages

    Module 6: Advanced Insecure inclusions
    • Subdomain takeover
    • Relative Path Overwrite
    • Data exfiltration using CSS

    Module 7: Web Sockets security
    • What are web sockets
    • How to test web sockets
    • Cross Site WebSocket Hijacking

    Module 8: Deserialization attacks
    • What is insecure deserialization
    • Deserialization attacks in PHP
    • Deserialization attacks in ASP.NET
    • Deserialization attacks in Python

    Module 9: Advanced attacks
    • Web Cache Poisoning
    • Web Cache Deception
    • Request Smuggling
    • DNS rebinding
    • XS-Leaks

