Objectives

• This curriculum introduces you to Web Application Hacking.
• Practical focus
• Learn how web application security flaws are found
• Discover leading industry standards and approaches
• Use this foundation to enhance your knowledge
•  Prepare for more advanced web application topics

Outline

Day 1

Information gathering, profiling and cross-site scripting

• Understand HTTP protocol
• Identify the attack surface
• Username enumeration
• Information disclosure
• Issues with SSL / TLS
• Cross-site scripting

Day 2

Injection, flaws, files and hacks

• SQL injection
• XXE attacks
• OS code injection
• Local/remote file include?
• Cryptographic weakness
• Business logic flaws
• Insecure file uploads

Target Audience

• System administrators
• Web developers
• SOC analysts
• Penetration testers
• Network engineers
• Security enthusiasts
• Anyone who wants to take their skills to the next level

Prerequisites

Before attending the Web Hacking Check Point Certified PenTesting Expert course, you should have:

• Laptop with Windows Operating System installed (either natively or running in a VM)
• Administrative access to perform tasks such as installing software, disabling antivirus etc..
• Ethernet/wired network for this class (Or supported adapter).