Web Application Penetration Testing Course
Course Introduction
This course covers web application vulnerabilities in a practical fashion, using labs designed for demonstration. It contains a theoretical part that explains the concepts and a practical part that demonstrates them. The theoretical part is also available as a downloadable PDF file.
Course Audience
- Anyone interested in learning web application penetration testing
- Junior penetration testers
Learning Objectives
- Understand web application penetration testing methodology
- Understand the concepts of web application vulnerabilities
- Be able to conduct manual testing of web application vulnerabilities
Course Content
1- Injection vulnerabilities, including but not limited to:
* Command Injection
* SQL Injection: error-based, blind time-based, authentication bypass and blind boolean-based
* SQLmap
2- Broken Access Control
3- Broken Authentication
4- JSON Web Tokens
5- Sensitive Data Exposure
6- SSRF, aka Server-Side Request Forgery
7- SSTI, aka Server-Side Template Injection
8- XSS, aka Cross-Site Scripting
9- XXE, aka XML External Entity Injection
10- CSRF, aka Cross-Site Request Forgery