This is a 2-day entry-level web application security testing course.
This is an entry-level web application security testing course and also a recommended prerequisite before enrolling for our “Advanced Web Hacking” course. This foundation course in “Web Hacking” familiarises attendees with the basics of web applications and their security concerns. A number of tools and techniques, backed up by a systematic approach to the various phases of hacking, will be discussed during this 2-day course. If you would like to step into a career in Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you.
Get certified:
Once you have completed the course, you can take an optional exam with Check Point whenever it suits you, and become a Web Hacking Check Point Certified Pen Testing Expert (CCPE).
2024 Edition
2 day practical class
Available by Partners
Live, online available
Basic
Course Overview
As a foundation course in “Web Hacking”, it familiarises you with the basics of web applications and their security concerns. A number of tools and techniques, backed up by a systematic approach to the various phases of web hacking, are discussed during your 2 days.
Interested?
1. Our courses are available directly from us, through our training partners, or at worldwide technical conferences.
2. You can find course dates and prices on the Courses and Webinars page.
3. Take a look below at a few of the upcoming courses for this specific training.
4. For more information including private course requests, complete the short form below.
Courses and webinars
Booking enquiries
Select the course from the Courses and Webinars Page.
For private course delivery enquiries or other information, please use the form alongside.
The course is also available from our partners listed below.
If booked through Check Point, Cyber-Security Learning Credits are accepted for this course.
For security and IT decision makers
What’s the real impact of training your team through NotSoSecure?
Start to build the skills within your team to harden your perimeter, lower the risk of compromise, and make your organisation a less attractive target for attackers. Trained delegates can:
- Confidently articulate the intricacies of the HTTP protocol and how it can be manipulated to achieve a malicious goal.
- Understand how to use industry-standard tools, such as Burp Suite, to perform manual penetration testing against web applications.
- Find and exploit vulnerabilities in web applications, including those that lead to injection attacks, authorisation and authentication bypass, malicious file uploads, and more.
- Identify the infrastructure and frameworks underlying a web attack surface.
- Understand the complications related to cryptography and their effect on web applications.
- Understand how to tie security testing and other offensive and defensive measures back to authentic attack vectors.
Course Details
You will be able to:
- Gain an introduction to web application hacking
- Understand how web application security flaws are discovered
- Work with the leading industry standards and approaches
- Build a foundation to progress your knowledge and move into more advanced Web Application topics
You will receive:
Access to part of our Hack-Lab, our online course environment. This gives you plenty of time to practice the concepts taught during the course. There are challenges, examples and demos to get to grips with, and all the support you need.
What you can take away from the course:
This course familiarises you with a wealth of tools and techniques required to breach and compromise the security of web applications. The course starts by discussing the very basics of web application concepts, and gradually builds up to a level where you can not only use the tools and techniques to hack the various components involved in a web application, but also walk away with a solid understanding of the concepts on which these tools are based. The course will also cover industry standards such as the OWASP Top 10 and PCI DSS, which form a critical part of web application security. Numerous real-life examples will be discussed during the course to help you understand the true impact of these vulnerabilities.
Details of the course content:
UNDERSTANDING THE HTTP PROTOCOL
- HTTP Protocol Basics
- Introduction to proxy tools
INFORMATION GATHERING
- Enumeration Techniques
- Understanding Web Attack surface
USERNAME ENUMERATION & FAULTY PASSWORD RESET
- Attacking Authentication and Faulty Password mechanisms
AUTHORIZATION BYPASS
- Logical Bypass techniques
- Session related issues
CROSS SITE SCRIPTING (XSS)
- Various types of XSS
- Session Hijacking & other attacks
ISSUES WITH SSL / TLS
- SSL/TLS misconfiguration
CROSS SITE REQUEST FORGERY (CSRF)
- Understanding CSRF attack
- Various impacts of SSRF attack
SQL INJECTION
- SQL Injection types
- Manual Exploitation
XML EXTERNAL ENTITY (XXE) ATTACKS
- XXE Basics
- XXE exploitation
INSECURE FILE UPLOADS
- Attacking File upload functionality
DESERIALIZATION VULNERABILITIES
- Serialization Basics
- PHP Deserialization Attack
COMPONENTS WITH KNOWN VULNERABILITIES
- Understanding the risks of known vulnerabilities
- Known vulnerabilities leading to critical exploits
INSUFFICIENT LOGGING AND MONITORING
- Understanding the importance of logging and monitoring
- Common pitfalls in logging and monitoring
MISCELLANEOUS
- Understanding the formula injection attack
- Understanding the open redirection attack
Prerequisites
Who Should Take This Class?
- Security enthusiasts
- Anybody who wishes to make a career in this domain and gain some knowledge of networks and applications
- Web Developers
- System Administrators
- SOC Analysts
- Network Engineers
- Pen Testers who want to level up their skills
You will need:
Delegates should bring a laptop with the Windows operating system installed (either natively or running in a VM). Further, delegates must have administrative access to perform tasks such as installing software, disabling antivirus, etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets, etc.) will not be supported during the course.
Course Information
You can download a copy of the course information below.
In addition, you will also be provided with a student pack, handouts and cheat-sheets where appropriate.
Your Training Roadmap
Offensive Classes
Hacking training for all levels, from new to advanced. Ideal for those preparing for certifications such as CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL) and TIGER SST, as well as infrastructure / web application penetration testers wishing to add to their existing skill set.
Defensive Classes
Giving you the skills needed to get ahead and secure your business by design. We specialise in application security (both secure coding and building security testing into your software development lifecycle) and cloud security. Build security capability into your teams, enabling you to move fast and stay secure.
Testimonials
"The theory and methodology was explained very well by the trainer. I thought he was really good at answering questions and adjusting his explanations so that everyone grasps the concepts. I came away from the course understanding everything covered on the syllabus, which is testament of his ability to break down complex concepts into a way that was easy to understand."
Delegate, Basic Web Hacking
"It was a wonderful course. Instructor was very good and I hope to join another course with Notsosecure."
Delegate, Basic Web Hacking
"Very organized and clearly presented. Great having hands-on experience with individuals ready to assist when help is needed."
Delegate, Black Hat USA
"One of the best classes I have taken in a long time. The contest was on point and kept me engaged. I am new to Cyber Security after 25 years in App Development and am very pleased with what I have learned."
Delegate, Black Hat USA
"Really enjoyed the lab and the walkthroughs, it helped expedite the learning process."
Delegate, Black Hat USA