Introductory Web Application Hacking Course

Context will be hosting our next Introductory Web Application Hacking course at our London offices on the 29th - 30th November 2017. 

29 Nov 2017 to 30 Nov 2017, 09:00 – 17:00
Context London Offices, 11 Westferry Circus, London, E14 4HD

The course will demonstrate how hackers think when planning an attack on a site; the methods, tools and techniques used in the real world, and how they can be thwarted.

At the conclusion of the training course, attendees will know how to carry out web-app reconnaissance, information gathering and exploitation, and will be familiar with well-known attacks and vectors used by hackers, as well as the defensive measures to counter these.

Approach

Our experience has taught us that to properly guard against the ever-increasing pool of weaknesses an organisation faces, defenders must learn to think like their opponents in order to stay one step ahead.

The course is therefore structured around practical knowledge regarding web application security vulnerabilities, following a step-by-step model:

  • Recon the site
  • Find the vulnerability
  • Exploit the vulnerability
  • Understand the underlying cause and create a remedy


Who should attend? 

This course has been designed as an introductory-level course that requires no prior experience in this topic and is particularly useful for web-app developers, security managers, ethical hackers and penetration testers looking to upgrade their knowledge of web application security.

 

Course Description

The following topics will be covered in the training: 

Day 1: 

  • Introduction to modern web application security
  • Architectures and server types
  • Thinking like an attacker
  • Reconnaissance and information gathering
  • The tools of the trade
  • Passwords and their vulnerabilities
  • Bypassing site logic
  • HTTPS, the Secure Sockets Layer (SSL) and weak configurations
  • Common weaknesses and public exploits

Day 2: 

  • Advanced Brute-forcing
  • Cross-site Scripting (XSS)
  • SQL Injection and Database Take-overs
  • File Upload Exploitation
  • Framework Vulnerabilities
  • XML Injection
  • Stringing attacks together

The course includes practical elements throughout the two days. 

Cost for the two-day course: 

£1,000 per person, inclusive of tuition and course materials (excludes VAT). 

Register to attend

To register your interest, click here and complete the form.
