ICSI | Certified Web Penetration Tester (CWPT)

The course teaches web penetration testing, illustrating how to think like an attacker and which tools are used to perform a web penetration test. Students will also learn to report the results of a web penetration test.

3 Days
From £480.00 incl. VAT

Live online events

3 days, 09:00 AM GMT - 05:00 PM GMT

Online

  • £900.00 incl. VAT

3 days, 09:00 AM GMT - 05:00 PM GMT

Online

  • £900.00 incl. VAT

3 days, 09:00 AM BST - 05:00 PM BST

Online

  • £900.00 incl. VAT

This product includes 1 year of eLearning access and 6 months of lab access, along with a Mock Exam and a CWPT Exam Voucher.

  • £480.00 incl. VAT

Audience Profile

  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers, architects, and developers

Prerequisites

Basic familiarity with networking and the Linux operating system.

What's included

  • Study Guide
  • Experienced CWPT Instructor
  • 24-hr remote access to a virtual lab for 6 months
  • Complimentary access to eLearning content
  • Mock Exam
  • Exam Voucher
  • Online Resources
  • Certificate on Completion
  • Refreshments (Classroom training)

Exam Details

  • Exam Code: CPT-WEB
  • Type of Questions: Hands-On Multiple Choice
  • Duration: 2 Hours
  • Passing Score: 70%
  • Exam Voucher Included

Course Outline

Module 1: HTTP Protocol Overview

Lessons:

  • Important HTTP Methods
  • HTTP Status Codes
  • Cookies
  • Web Application Architecture
  • OWASP Top 10

Labs:

  • Detecting HTTP Methods
  • Exploiting the PUT Method

Module 2: Web Vulnerability Scanners and Proxies

Lessons:

  • Burp Proxy
  • OpenVAS
  • Nikto, Wapiti

Labs:

  • Using Nikto
  • Web Vulnerability Scanners

Module 3: Profiling the Web Server

Lessons:

  • Nmap
  • Metasploit Auxiliary Modules

Labs:

  • Scanning the Web Server

Module 4: Injection

Lessons:

  • Command Injection
  • SQL Injection
  • Mitigation of Injection

Labs:

  • Authentication Bypass
  • SQL Injection

Module 5: Broken Authentication

Lessons:

  • Authentication Protocols and Weaknesses
  • Username Enumeration
  • Attacking Tomcat’s Password with Metasploit
  • Brute Forcing Credentials with Hydra
  • Mitigation of Broken Authentication

Labs:

  • Using Tomcat Manager to Execute Code
  • Username Enumeration and Brute Forcing

Module 6: Sensitive Data Exposure

Lessons:

  • Plaintext Protocols and Data Exposure
  • Mitigation of Sensitive Data Exposure

Labs:

  • Taking Advantage of the robots.txt file
  • Finding Sensitive Data on Web Applications

Module 7: XML External Entities (XXE)

Lessons:

  • XXE External Entities
  • Mitigation of XML External Entities (XXE)

Labs:

  • XXE Exploitation

Module 8: Broken Access Control

Lessons:

  • Directory Traversal Overview
  • Mitigation of Broken Access Control

Labs:

  • Remote File Inclusion
  • Local File Inclusion
  • Attacking Path Traversal

Module 9: Security Misconfiguration

Lessons:

  • Understanding Security Misconfiguration
  • Using Dirb to detect Security Misconfiguration Issues
  • Mitigation of Security Misconfiguration

Labs:

  • Security Misconfiguration

Module 10: Cross-Site Scripting (XSS)

Lessons:

  • Types of Cross-Site Scripting
  • Using Burp to Test for XSS Vulnerabilities
  • Mitigation of Cross-Site Scripting (XSS)

Labs:

  • Reflected Cross-Site Scripting (XSS)
  • Stored XSS – Stealing User Cookie
  • Exploiting Stored XSS Using the Header
  • Identifying XSS Vulnerabilities

Module 11: Using Components with Known Vulnerabilities

Lessons:

  • Examples
  • Searching for Vulnerabilities
  • Mitigation of Using Components with Known Vulnerabilities

Review Questions

Labs:

  • Identifying Web App Vulnerabilities

Our registered and postal address is:
The Pinnacle, Office 203, 170 Midsummer Boulevard, Milton Keynes, MK9 1BP

ICSI LTD is registered in England No. 8680530