ICSI | Certified Web Penetration Tester (CWPT)

This course is based on the Open Web Application Security Project (OWASP) Top Ten, which is widely recognized as a powerful awareness document that represents a broad consensus among security experts about the most critical security risks to web applications.

Why choose the ICSI | Certified Web Penetration Tester?

This course is designed to educate those who develop, administer and secure web applications about the most common web application security vulnerabilities, the potential impact of exploiting these weaknesses and basic approaches to mitigating web application security risks.

Accreditation

https://icsiglobal.com/wp-content/uploads/2022/03/crest-atp-320x197.png

Curriculum

What you'll learn

Course ICSI | Certified Web Penetration Tester

Module 1: HTTP Protocol Overview

Lessons:

  • Important HTTP Methods
  • HTTP Status Codes
  • Cookies
  • Web Application Architecture
  • OWASP Top 10

Labs:

  • Detecting HTTP Methods
  • Exploiting the PUT Method

Module 2: Web Vulnerability Scanners and Proxies

Lessons:

  • Burp Proxy
  • OpenVAS
  • Nikto, Wapiti

Labs:

  • Using Nikto
  • Web Vulnerability Scanners

Module 3: Profiling the Web Server

Lessons:

  • Nmap
  • Metasploit Auxiliary Modules

Labs:

  • Scanning the Web Server

Module 4: Injection

Lessons:

  • Command Injection
  • SQL Injection
  • Mitigation of Injection

Labs:

  • Authentication Bypass
  • SQL Injection

Module 5: Broken Authentication

Lessons:

  • Authentication Protocols and Weaknesses
  • Username Enumeration
  • Attacking Tomcat’s Password with Metasploit
  • Brute Forcing Credentials with Hydra
  • Mitigation of Broken Authentication

Labs:

  • Using Tomcat Manager to Execute Code
  • Username Enumeration and Brute Forcing

Module 6: Sensitive Data Exposure

Lessons:

  • Plaintext Protocols and Data Exposure
  • Mitigation of Sensitive Data Exposure

Labs:

  • Taking Advantage of the robots.txt file
  • Finding Sensitive Data on Web Applications

Module 7: XML External Entities (XXE)

Lessons:

  • XXE External Entities
  • Mitigation of XML External Entities (XXE)

Labs:

  • XXE Exploitation

Module 8: Broken Access Control

Lessons:

  • Directory Traversal Overview
  • Mitigation of Broken Access Control

Labs:

  • Remote File Inclusion
  • Local File Inclusion
  • Attacking Path Traversal

Module 9: Security Misconfiguration

Lessons:

  • Understanding Security Misconfiguration
  • Using Dirb to detect Security Misconfiguration Issues
  • Mitigation of Security Misconfiguration

Labs:

  • Security Misconfiguration

Module 10: Cross-Site Scripting (XSS)

Lessons:

  • Types of Cross-Site Scripting
  • Using Burp to Test for XSS Vulnerabilities
  • Mitigation of Cross-Site Scripting (XSS)

Labs:

  • Reflected Cross-Site Scripting (XSS)
  • Stored XSS – Stealing User Cookie
  • Exploiting Stored XSS Using the Header
  • Identifying XSS Vulnerabilities

Module 11: Using Components with Known Vulnerabilities

Lessons:

  • Examples
  • Searching for Vulnerabilities
  • Mitigation of Using Components with Known Vulnerabilities

Review Questions

Labs:

  • Identifying Web App Vulnerabilities

Audience Profile

  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers, architects, and developers

Candidate Prerequisites

Basic familiarity with networking and the Linux operating system.

Exam Details

Exam Code: CPT-WEB
Type of Questions: Hands-On Multiple Choice
Duration: 2 Hours
Passing Score: 70%
Exam Voucher Included

Duration and Delivery

Fast and flexible programme that gives you a powerful head start

Delivery Method

On-demand study material with 24/7 labs and One-To-One Online Tutor support

Duration

Average completion time 2-3 months with 12 months access

What's included

Hands-On Labs

24-hr remote access to a virtual lab; train and practice your skills in your own time

100% online course

Online On-demand study material and 24/7 labs

Exam Preparation

Practice Quizzes and MOCK Exam along with ICSI exam vouchers

Support

Instructor Email and One-To-One Online Support

Price

Pay in 12 monthly instalments
  • 100% online course
  • Instructor Email and One-To-One Online Support
  • On-demand study material
  • 1 Year Access
  • 24/7 remote access to Labs
  • Practice Quizzes and MOCK Exam
  • Certificate of Completion
  • 1 Exam Voucher (available upon full payment)
£65

Pay in Full
  • 100% online course
  • Instructor Email and One-To-One Online Support
  • On-demand study material
  • 1 Year Access
  • 24/7 remote access to Labs
  • Practice Quizzes and MOCK Exam
  • Certificate of Completion
  • 1 Exam Voucher
£750

The average salary for a penetration tester is £49,188 per year in the United Kingdom.
