description
course
The material of this course will allow listeners to study the principles, mechanisms, and tools for conducting pentest – penetration testing in Web-applications. This course considers pentest as one of the processes necessary for building corporate cyber security architecture, so it also raises methodological issues of pentest organization, as well as the use of data obtained as a result of pentest.
course audience
Engineers conducting penetration tests; Engineers designing corporate cyber security architecture.
prerequisites
General cyber security knowledge at the ANT0000 course level, knowledge of TCP/IP networking at the ANT-N101 course level are required. Knowledge of threat modeling at the ANT0052 course level is recommended.
how it works
education
online course
The online course involves group classes with an instructor via video conferencing, in addition, homework and an exam.
for corporate clients
training for corporate clients includes online and self-study courses, as well as additional services required by corporate clients: organizing training plans for client departments, assessing the effectiveness of training, etc.
teacher
course
program
course
• Pentest in the frame of corporate cyber security infrastructure.
• Cycle of life of cyber-attacks.
• Cyber-attack models.
• Pentest tools.
• Pentest result processing.
• Scanning targets and detecting vulnerabilities for a cyber-attack.
• Selecting right tools and methods for a cyber-attack.
• Data encodings.
• Web-servers.
• Web-clients.
• Browser extensions.
• “Active” content.
• Progressive Web App architecture.
• Attacks on Web-applications. OWASP top 10.
• Proxy-services.
• Analyzing Web-traffic and data extraction.
• Exploiting errors in authorization and file handling rules.
• Exploiting logical errors in Web-applications.
• Exploiting errors in CMS settings and vulnerabilities.
• Organizing malicious injection of Web-applications into OS.
• Hijacking HTTP sessions and cookie data.
• Bypassing HTTPS/TLS encryption.
• Gaining access to Web-application accounts.
• Organizing cyber-attacks on SSO-type authentication systems.
• Exploiting Web-applications through SQL-injections.
• Organizing cyber-attacks on Web-application databases.
• Organizing cyber-attacks of SSRF type.
• Organizing cyber-attacks on cloud services.
• Organizing cyber-attacks of XXE type.
• Organizing cyber-attacks of CSRF type.
• Organizing cyber-attacks of Clickjacking type.
• Running executable code in the Web-application OS.
• Escalation of account privileges.
• Extending control over other systems during a cyber-attack.
• Deleting traces of a cyber-attack.
• Managing risks based on data identified by a pentest.
• Modernizing corporate vulnerability accounting program.
• Modernizing strategic cyber security metrics.
Сourse purchase
options
individual
Cost — $1,550.00
Group online classes
Unlimited access to all the materials
Live webinars with teachers
Homework
Exam with certificate
To confirm course dates fill out the form.
SUBMIT YOUR APPLICATION
corporate
Cost от $1,550.00
To obtain information about the final cost and clarify the date of the course, please fill out the form.
SUBMIT YOUR APPLICATION
