The Open Web Application Security Project (OWASP) Top Ten is widely recognized as a powerful awareness document that represents a broad consensus among security experts about the most critical security risks to web applications. This course is designed to educate those who develop, administer and secure web applications about the most common web application security vulnerabilities, the potential impact of exploiting these weaknesses and basic approaches to mitigating web application security risks.
Elearning
Course Access: 1 Year, 100% online course, 24-hr remote access to a virtual lab, Instructor Email and One-To-One Online Support, Exam Voucher Included - £416.67 excl. VAT
Description
Module 1: HTTP Protocol Overview
Lessons:
- Important HTTP Methods
- HTTP Status Codes
- Cookies
- Web Application Architecture
- OWASP Top 10
Labs:
- Detecting HTTP Methods
- Exploiting the PUT Method
Module 2: Web Vulnerability Scanners and Proxies
Lessons:
- Burp Proxy
- OpenVAS
- Nikto, Wapiti
Labs:
- Using Nikto
- Web Vulnerability Scanners
Module 3: Profiling the Web Server
Lessons:
- Nmap
- Metasploit Auxiliary Modules
Labs:
- Scanning the Web Server
Module 4: Injection
Lessons:
- Command Injection
- SQL Injection
- Mitigation of Injection
Labs:
- Authentication Bypass
- SQL Injection
Module 5: Broken Authentication
Lessons:
- Authentication Protocols and Weaknesses
- Username Enumeration
- Attacking Tomcat’s Password with Metasploit
- Brute Forcing Credentials with Hydra
- Mitigation of Broken Authentication
Labs:
- Using Tomcat Manager to Execute Code
- Username Enumeration and Brute Forcing
Module 6: Sensitive Data Exposure
Lessons:
- Plaintext Protocols and Data Exposure
- Mitigation of Sensitive Data Exposure
Labs:
- Taking Advantage of the robots.txt file
- Finding Sensitive Data on Web Applications
Module 7: XML External Entities (XXE)
Lessons:
- XXE External Entities
- Mitigation of XML External Entities (XXE)
Labs:
- XXE Exploitation
Module 8: Broken Access Control
Lessons:
- Directory Traversal Overview
- Mitigation of Broken Access Control
Labs:
- Remote File Inclusion
- Local File Inclusion
- Attacking Path Traversal
Module 9: Security Misconfiguration
Lessons:
- Understanding Security Misconfiguration
- Using Dirb to detect Security Misconfiguration Issues
- Mitigation of Security Misconfiguration
Labs:
- Security Misconfiguration
Module 10: Cross-Site Scripting (XSS)
Lessons:
- Types of Cross-Site Scripting
- Using Burp to Test for XSS Vulnerabilities
- Mitigation of Cross-Site Scripting (XSS)
Labs:
- Reflected Cross Site Scripting (XSS)
- Stored XSS – Stealing User Cookie
- Exploiting Stored XSS Using the Header
- Identifying XSS Vulnerabilities
Module 11: Using Components with Known Vulnerabilities
Lessons:
- Examples
- Searching for Vulnerabilities
- Mitigation of Using Components with Known Vulnerabilities
- Review Questions
Labs:
- Identifying Web App Vulnerabilities
Audience Profile
- Penetration testers
- Ethical hackers
- Web application developers
- Website designers, architects, and developers
Exam Information
Exam Code: CPT-WEB
Type of Questions: Hands-On Multiple Choice
Duration: 2 Hours
Passing Score: 70%
Exam Voucher Included
Prerequisites
Basic familiarity with networking and the Linux operating system.