The course will demonstrate how hackers think when planning an attack on a site: the methods, tools and techniques used in the real world, and how they can be thwarted.
At the conclusion of the training course attendees will know how to carry out web-app reconnaissance, information gathering and exploitation, and be familiar with well-known attacks and vectors used by hackers, as well as the defensive measures to counter these.
Our experience has taught us that, to properly guard against the ever-increasing pool of weaknesses an organisation faces, defenders must learn to think like their opponents and stay one step ahead.
The course is therefore structured around practical knowledge regarding web application security vulnerabilities, following a step-by-step model:
- Recon the site
- Find the vulnerability
- Exploit the vulnerability
- Understand the underlying cause and create a remedy
Who should attend?
This course has been designed as an introductory-level course that requires no prior experience in this topic. It is particularly useful for web-app developers, security managers, ethical hackers and penetration testers looking to upgrade their knowledge of web application security.
The following topics will be covered in the training:
- Introduction to modern web application security
- Architectures and server types
- Thinking like an attacker
- Reconnaissance and information gathering
- The tools of the trade
- Password and the Vulnerabilities
- Bypassing site logic
- HTTPS, the Secure Socket Layer (SSL) and weak configurations
- Common weaknesses and public exploits
- Advanced Brute-forcing
- Cross-site Scripting (XSS)
- SQL Injection and Database Take-overs
- File Upload Exploitation
- Framework Vulnerabilities
- XML Injection
- Stringing attacks together
The course includes practical elements throughout the two days.
Cost for the two-day course:
£1,000 per person, inclusive of tuition and course materials (excludes VAT).