Course Summary
This course familiarises you with a wealth of tools and techniques required to breach and compromise the security of web applications.
The course starts by discussing the very basics of web application concepts, and gradually builds up to a level where you can not only use the tools and techniques to hack various components involved in a web application, but also walk away with a solid understanding of the concepts on which these tools are based.
The course will also talk about industry standards such as OWASP Top 10 and PCI DSS which form a critical part of web application security. Numerous real life examples will be discussed during the course to help you understand the true impact of these vulnerabilities.
Trained delegates can:
• Confidently articulate the intricacies of the HTTP protocol and how it can be manipulated to achieve a malicious goal.
• Understand how to use industry-standard tools, such as Burp Suite, to perform manual penetration testing against web applications.
• Find and exploit vulnerabilities in web applications, including those that lead to injection attacks, authorisation bypass, authentication bypass, malicious file uploads, and more.
• Identify the infrastructure and frameworks underlying a web attack surface.
• Understand complications related to cryptography and the effect on web applications.
• Understand how to tie security testing and other offensive and defensive measures back to authentic attack vectors.
UNDERSTANDING THE HTTP PROTOCOL
• HTTP Protocol Basics
• Introduction to proxy tools
INFORMATION GATHERING
• Enumeration Techniques
• Understanding Web Attack surface
USERNAME ENUMERATION & FAULTY PASSWORD RESET
• Attacking Authentication and Faulty Password mechanisms
AUTHORIZATION BYPASS
• Logical Bypass techniques
• Session related issues
CROSS SITE SCRIPTING (XSS)
• Various types of XSS
• Session Hijacking & other attacks
ISSUES WITH SSL / TLS
• SSL/TLS misconfiguration
CROSS SITE REQUEST FORGERY (CSRF)
• Understanding CSRF attack
• Various impacts of SSRF attack
SQL INJECTION
• SQL Injection types
• Manual Exploitation
XML EXTERNAL ENTITY (XXE) ATTACKS
• XXE Basics
• XXE exploitation
INSECURE FILE UPLOADS
• Attacking File upload functionality
DESERIALIZATION VULNERABILITIES
• Serialization Basics
• PHP Deserialization Attack
COMPONENTS WITH KNOWN VULNERABILITIES
• Understanding the risks of known vulnerabilities
• Known vulnerabilities leading to critical exploits
INSUFFICIENT LOGGING AND MONITORING
• Understanding the importance of logging and monitoring
• Common pitfalls in logging and monitoring
MISCELLANEOUS
• Understanding formula Injection attack
• Understanding Open Redirection attack