Course Summary

Students will gain a deep understanding of common web application vulnerabilities and learn how to identify and exploit them, with a focus on their potential business impact. The course takes students through a proven, repeatable process designed for comprehensive web application assessments. This systematic approach enables students to not only uncover security issues but also demonstrate how these vulnerabilities affect the business. The course aims to improve organizational security by developing skilled penetration testers, emphasizing not just the technical aspects of hacking, but also the importance of thorough documentation and reporting to effectively communicate the risks posed by web application vulnerabilities.

In addition to high-quality content, SEC542 prioritizes hands-on labs and a capstone capture-the-flag (CTF) event to ensure students can immediately apply their skills in real-world scenarios.

Key topics include:

Web application overview, authentication attacks, and configuration testing
Web application session management, SQL injection attacks, and testing tools
Cross-Site Request Forgery (CSRF), scripting vulnerabilities, client-side injection attacks, reconnaissance, and mapping

Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), and Client-Side Injection Attacks
The candidate will demonstrate an understanding of CSRF, XSS, and client-side injection attacks, along with the tools and techniques used to discover and exploit these vulnerabilities.

Reconnaissance and Mapping
The candidate will demonstrate knowledge of techniques for discovering, exploring, and investigating a website and its web application features. This includes port scanning, identifying services and configurations, spidering, application flow charting, and session analysis.

Web Application Authentication Attacks
The candidate will be familiar with the authentication processes and mechanisms used to secure web applications. They will understand how to enumerate users and bypass or exploit weak authentication controls.

Web Application Configuration Testing
The candidate will demonstrate proficiency with the tools and techniques used to audit and identify flaws in the design or implementation of a website’s configuration.

Web Application Overview
The candidate will understand the technologies, programming languages, and structures involved in web application construction and operation, such as HTTP, HTTPS, and AJAX, with a focus on security vulnerabilities and basic functionality.

Web Application Session Management
The candidate will have a solid understanding of how web applications manage client sessions, track user activity, and use SSL/TLS in modern web communications, as well as the attacks that can be leveraged against flaws in session management.

Web Application SQL Injection Attacks
The candidate will be familiar with techniques to audit and test web applications for SQL injection vulnerabilities, and how to identify and exploit SQL injection flaws in applications.

Web Application Testing Tools
The candidate will demonstrate knowledge of the tools and techniques necessary for web application security testing on modern web-based technologies such as JavaScript with AJAX. This includes using proxies, fuzzing, scripting, and attacking application logic.

There are currently no prerequisites for this course. However, the following courses are recommended beforehand:

SEC504: Hacker Tools, Techniques, and Incident Handling
SEC560: Enterprise Penetration Testing
SEC565: Red Team Operations and Adversary Emulation

Proctored exam
82 questions
3 hours
Minimum passing score of 71%

Following your booking, a confirmation message will be sent to all participants, ensuring you're well-informed of your successful enrollment. Calendar placeholders will also be dispatched to assist you in scheduling your commitments around the course. Rest assured, all course materials and access to necessary labs or platforms will be provided no later than one week before the course begins, allowing you ample time to prepare and engage fully with the learning experience ahead.

Our comprehensive training package includes all the necessary materials and resources to facilitate a full learning experience. Enrollees will be provided with detailed course content, encompassing a wide array of topics to ensure a thorough understanding of the subject matter. Additionally, participants will receive a certificate of completion to recognize their dedication and hard work. It's important to note that while the course fee covers all training materials and experiences, the examination fee for certification is not included but can be purchased separately.
