ANT0405

Pentest of WEB-applications

Duration of training: 5 days

description
course

This course teaches the principles, mechanisms, and tools of penetration testing (pentest) of Web-applications. It treats pentest as one of the processes necessary for building a corporate cyber security architecture, so it also covers the methodology of organizing a pentest and the use of the data a pentest produces.

course audience

Engineers conducting penetration tests; Engineers designing corporate cyber security architecture.

prerequisites

General cyber security knowledge at the ANT0000 course level and knowledge of TCP/IP networking at the ANT-N101 course level are required. Knowledge of threat modeling at the ANT0052 course level is recommended.

how it works
education

online course

The online course consists of group classes with an instructor via video conferencing, plus homework and an exam.

for corporate clients

Training for corporate clients includes online and self-study courses, as well as additional services required by corporate clients: organizing training plans for client departments, assessing the effectiveness of training, etc.

program
course

• Pentest goals and objectives.
• Pentest in the frame of corporate cyber security infrastructure.
• Life cycle of cyber-attacks.
• Cyber-attack models.
• Pentest tools.
• Pentest result processing.
• Utilizing open source information. OSINT.
• Scanning targets and detecting vulnerabilities for a cyber-attack.
• Selecting the right tools and methods for a cyber-attack.
• HTML and HTTP.
• Data encodings.
• Web-servers.
• Web-clients.
• Browser extensions.
• “Active” content.
• Progressive Web App architecture.
• Attacks on Web-applications. OWASP top 10.
• Organizing web-traffic interception.
• Proxy-services.
• Analyzing Web-traffic and data extraction.
• Organizing DoS-attacks on Web-applications.
• Exploiting errors in authorization and file handling rules.
• Exploiting logical errors in Web-applications.
• Exploiting errors in CMS settings and vulnerabilities.
• Organizing malicious injection of Web-applications into OS.
• Hijacking HTTP sessions and cookie data.
• Bypassing HTTPS/TLS encryption.
• Gaining access to Web-application accounts.
• Organizing cyber-attacks on SSO-type authentication systems.
• Exploiting Web-applications through SQL-injections.
• Organizing cyber-attacks on Web-application databases.
• Organizing cyber-attacks of SSRF type.
• Organizing cyber-attacks on cloud services.
• Organizing cyber-attacks of XSS type.
• Organizing cyber-attacks of XXE type.
• Organizing cyber-attacks of CSRF type.
• Organizing cyber-attacks of Clickjacking type.
• Extracting data.
• Running executable code in the Web-application OS.
• Escalation of account privileges.
• Extending control over other systems during a cyber-attack.
• Deleting traces of a cyber-attack.
• Threat model and pentest results.
• Managing risks based on data identified by a pentest.
• Modernizing corporate vulnerability accounting program.
• Modernizing strategic cyber security metrics.

Course purchase
options

individual

Cost — $1,550.00

Group online classes

Unlimited access to all the materials

Live webinars with teachers

Homework

Exam with certificate

To confirm course dates fill out the form.

corporate

Cost from $1,550.00

To obtain information about the final cost and clarify the date of the course, please fill out the form.
