ICSI|CWPT Certified Web Penetration Tester

Introduction

Course Outline:
Web Application Testing
Certification:
ICSI|CWPT Certified Web Penetration Tester
Duration:
3 Days
Candidate Prerequisites:
ICSI|CPT

This course is concerned with web penetration testing. Users will be the taught to use industry standard tools to perform application vulnerability scanning and exploitation of web and web applications.
It should be noted that all exercises are performed in an isolated hosted testing lab.

This course will significantly benefit anyone involved any Information Security Professional who wishes to deepen his/her technical skills or is involved in technical security assessments such as penetration testing.

Module 1 Intro to Web Technologies

  • Web servers
  • IIS
  • Apache
  • HTTP headers
  • Protocols
  • Mark up Languages
  • Programming Languages
  • APIs CGI Apache
  • Web application architecture J2EE, .NET, Ruby on Rails
  • Underlying DB
  • SQL
  • ORACLE
  • Java, Flash and client side code

Module 2 Web Penetration Testing

  • Methodology
  • Scenarios development
  • Limitations and scope

Module 3 Web application threats

  • Web application server software
  • Cross Site Scripting
  • Injections
  • Session Mismanagement
  • Source code
  • Encryption
  • Information Disclosure
  • Fuzzing
  • Input/output validation

Module 4 Web application reconnaissance and vulnerabilities

  • Web page/application structure discovery
  • Information gathering on web/ web applications
  • Vulnerability scanning of web/ web applications

Module 5 Web application attacks

  • Spidering tools
  • XSS
  • SQL Injection
  • Cookies
  • Directory Traversal
  • CSRF
  • Uploads
  • Code injection
  • Parameter manipulation
  • Fuzzing
  • Data confidentiality integrity
  • App logic
  • One day penetration testing certification exam based on real word scenarios using our isolated online hosted testing lab.
  • Pass = 50-59% Merit = 60-79% Distinction = 80-100%.
  • 100% Final Assesement.

ARE YOU READY FOR A CAREER IN CYBERSECURITY?

Contact Us