ICSI | CWPT Certified Web Penetration Tester

The Open Web Application Security Project (OWASP) Top Ten is widely recognized as a powerful awareness document that represents a broad consensus among security experts about the most critical security risks to web applications. This course is designed to educate those who develop, administer and secure web applications about the most common web application security vulnerabilities, the potential impact of exploiting these weaknesses, and basic approaches to mitigating web application security risks.


  • E-learning

    Course Access: 1 Year, 100% online course, 24-hr remote access to a virtual lab, Instructor Email and One-To-One Online Support, Exam Voucher Included
    • £416.67 excl. VAT

Description

Module 1: HTTP Protocol Overview

Lessons:

  • Important HTTP Methods
  • HTTP Status Codes
  • Cookies
  • Web Application Architecture
  • OWASP Top 10

Labs:

  • Detecting HTTP Methods
  • Exploiting the PUT Method

Module 2: Web Vulnerability Scanners and Proxies

Lessons:

  • Burp Proxy
  • OpenVAS
  • Nikto, Wapiti

Labs:

  • Using Nikto
  • Web Vulnerability Scanners

Module 3: Profiling the Web Server

Lessons:

  • Nmap
  • Metasploit Auxiliary Modules

Labs:

  • Scanning the Web Server

Module 4: Injection

Lessons:

  • Command Injection
  • SQL Injection
  • Mitigation of Injection

Labs:

  • Authentication Bypass
  • SQL Injection

Module 5: Broken Authentication

Lessons:

  • Authentication Protocols and Weaknesses
  • Username Enumeration
  • Attacking Tomcat’s Password with Metasploit
  • Brute Forcing Credentials with Hydra
  • Mitigation of Broken Authentication

Labs:

  • Using Tomcat Manager to Execute Code
  • Username Enumeration and Brute Forcing

Module 6: Sensitive Data Exposure

Lessons:

  • Plaintext Protocols and Data Exposure
  • Mitigation of Sensitive Data Exposure

Labs:

  • Taking Advantage of the robots.txt file
  • Finding Sensitive Data on Web Applications

Module 7: XML External Entities (XXE)

Lessons:

  • XML External Entities (XXE)
  • Mitigation of XML External Entities (XXE)

Labs:

  • XXE Exploitation

Module 8: Broken Access Control

Lessons:

  • Directory Traversal Overview
  • Mitigation of Broken Access Control

Labs:

  • Remote File Inclusion
  • Local File Inclusion
  • Attacking Path Traversal

Module 9: Security Misconfiguration

Lessons:

  • Understanding Security Misconfiguration
  • Using Dirb to detect Security Misconfiguration Issues
  • Mitigation of Security Misconfiguration

Labs:

  • Security Misconfiguration

Module 10: Cross-Site Scripting (XSS)

Lessons:

  • Types of Cross-Site Scripting
  • Using Burp to Test for XSS Vulnerabilities
  • Mitigation of Cross-Site Scripting (XSS)

Labs:

  • Reflected Cross-Site Scripting (XSS)
  • Stored XSS: Stealing User Cookies
  • Exploiting Stored XSS Using the Header
  • Identifying XSS Vulnerabilities

Module 11: Using Components with Known Vulnerabilities

Lessons:

  • Examples
  • Searching for Vulnerabilities
  • Mitigation of Using Components with Known Vulnerabilities

Review Questions

Labs:

  • Identifying Web App Vulnerabilities

Audience Profile

  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers, architects, and developers

Exam Information

Exam Code: CPT-WEB
Type of Questions: Hands-On Multiple Choice
Duration: 2 Hours
Passing Score: 70%
Exam Voucher Included

Prerequisites

Basic familiarity with networking and the Linux operating system.


© Copyright ICSI, Limited
(International CyberSecurity Institute) 2023