Complete 20 hours WEB Application Security Testing Webinar Series for Professionals

This webinar series is designed to cover all the topics essential for Cybersecurity Professionals and contains more than 20 hours of educational materials. In addition, every participant gets 5 one-to-one sessions with our experts to accelerate their growth as a Cybersecurity practitioner. Nowadays the world needs digital superheroes - skilled people who will seal the defenses of our data in web applications and save us from hackers. In response to this cry for help, we unlock for you a veritable arsenal of knowledge, full of solid fundamentals and advanced techniques! With this meticulously prepared live-streamed webinar and personalized support from experts, you too can become one of the Information Defenders!
€1,549.00

Details: 20H 0MIN

Languages: ENGLISH, HUNGARIAN, ROMANIAN, BULGARIAN

Last update: 08.2022

Availability: Yes

Gift

Free gift related to the webinar subject

Benefits

  • Take part in one of the most complex and professional WAST live webinars, with 20+ hours of knowledge
  • Gain an in-depth understanding of how web applications work
  • Learning the vulnerabilities of each component
  • Practical examples of applying theory
  • Extensive 1:1 sessions with Cybersecurity Consultants
  • Learning how to use security testing tools like a Pro

Online Webinar Description

Web applications are much more widespread than many users may think. Because they are more convenient and offer more functionality, they can be found almost everywhere. For example, all social media platforms are web applications, as are online stores, and booking sites.

Many people may confuse them with websites - and for good reason! At first glance, they look very similar. However, apps offer much more interactivity. If you can buy, transfer, or book something there, it is most likely a web app.

Consequently, various examples of such applications collect unimaginable amounts of data. Every post on Facebook, every online purchase carries a lot of information, often very valuable. And we're not just talking about your credit card number! Data such as location, demographic parameters, or even the length of time spent on a given page of an app can be information that advertisers are willing to pay quite a bit of money for.

It is not uncommon for hackers to take advantage of how willingly we use the Internet and extract information from us even against our will. What's more, these attacks are becoming increasingly sophisticated, and often subtle enough that we may not immediately realize we've fallen victim to a cyber attack.

So it follows that our information is valuable, and we should protect it as best we can. And yet, in most cases, we give it away for free, as a "ransom" for using free platforms. Therefore, it is extremely crucial that the entire process is as "airtight" as possible. This is what security testers do. They are a kind of protector of our data, testing the program from all sides, finding even the smallest weakness, and then making sure it is fixed before digital criminals are able to exploit it.

A security tester is an incredibly important and responsible role. It's up to them to defend our most valuable data. The owners of major web applications realize this and are eager to hire the best of the best. However, being a security tester requires more than just determination. This is a position for those armed with knowledge of hacking and technology, but also with the ability to implement creative strategies, consistently pursue goals, and pay a tremendous amount of attention to detail.

This live-streamed webinar series will provide you with the optimal environment to acquire all of these skills in a concrete, structured way. It is specifically designed to train the next generation of experts and equip them with a state-of-the-art and effective armory of knowledge, tactics and practices.

Its blueprint was developed through collaboration with more than 10 IT and cyber security professionals. It took over half a year of preparation to deliver a unified, comprehensive and complete live-streamed webinar to recruits. It includes complete, up-to-date information, creative exercises, specific knowledge, and additional resources that will allow any future defender of our data to acquire and add to proven, practical, expert knowledge.

In addition, in the interest of sustainability and providing relevant support, each user will have the opportunity to take advantage of a 5-hour consultation package with some of the experts who contributed to its development. This will provide you not only with a theoretical basis and practical application of newly acquired skills, but also with the support of an experienced professional who can help you further systematize this knowledge, apply it to realistic scenarios, and offer you concrete advice and information.

In this way, you too can become an Information Defender. Get a whole new ace up your sleeve of competence, or expand your current arsenal of knowledge to join the ranks of Web Application Security Testers, which will provide you with a rewarding job and many paths for growth. Delve into cybersecurity, meet experts in related fields and open up a veritable treasure trove of web application knowledge.

Specification

Full Webinar Title: Complete 20 hours WEB Application Security Testing Webinar Series for Professionals

Webinar Category: Information Technology

Service provider: ItKnowledge Services

Details: 20h 0min

Hardware Requirements: 2 GHz dual-core processor or better (4-core preferable); 2 GB of RAM (4 GB or more recommended); speakers or headphones

Software Requirements: An operating system such as Windows 8 (Windows 10 recommended), Mac OS 10.13 (the newest version recommended), Linux, or Chrome OS; the latest official version of Google Chrome, Mozilla Firefox, Safari, Edge (Chromium), or Yandex

Details

TOPICS COVERED IN THE WEBINAR

Live-streamed Webinar Series plan – 14 parts, each 1-2 hours. 20+ hours overall

Part 1. Introduction to the live-streamed webinar series on Web Application Security Testing - 1.5h
1. Course description
2. Tech, tools and software requirements
3. How to study this webinar effectively?
4. About infrastructure
5. Ethical issues in the work of a WAST specialist

Part 2. Environment - 1.5h
1. VirtualBox configuration
2. System cloning
3. Kali Linux import
4. Console navigation
5. Paths and file editing
6. Useful commands
7. File search - find, which, locate
8. Tools installation and updating

Part 3. Basic tools and terms - 1h
1. Network basics
2. Introduction to HTTP (GET or POST?)
3. Apache, SSH
4. netstat and netcat
5. Bind shell, reverse shell
6. File sending (Apache, nc, scp)
7. Burp configuration, proxy, target
8. Burp Scope and other tools
9. Burp general knowledge and experience
10. Useful browser extensions

Part 4. Web application reconnaissance - 2h
1. Checking business logic and architecture of the application
2. App installation
3. Site source - important information
4. DEMO - Information disclosure on debug page
5. Hidden functions and forms
6. How to use robots.txt
7. DEMO - Source code disclosure via backup files
8. Checking and recognizing app components
9. Verbose error messages
10. DEMO - Information disclosure in error messages
11. Nikto
12. Manual in-app navigation
13. Automatic application recognition
14. Path brute force (dirb, DirBuster, Burp Intruder)
15. DEMO - Information disclosure in version control history (.git folder)
16. Port scanning using Nmap
17. Web Application Firewall
18. Homework

Part 5. Session and access management - 1.5h
1. Authentication + Authorization
2. Brute force and dictionary approach
3. Burp Intruder – Method
4. Hydra – Method
5. Cookie safety
6. Session management mechanisms
7. Roles and permissions checks
8. Privilege Escalation (Vertical, Horizontal)
9. DEMO - Privilege Escalation
10. DEMO - Authentication bypass via information disclosure with TRACE method
11. Insecure Direct Object References – changes in user groups
12. DEMO - Authorization Bypass
13. Insecure Direct Object References – data preview
14. IDOR – Download File
15. Forced Browsing

Part 6. Cross-Site Scripting - 1h
1. Client side vs server side
2. Reflected Cross-Site Scripting
3. Stored Cross-Site Scripting
4. DOM-Based Cross-Site Scripting
5. HTML Injection
6. Attack scenarios
7. Session theft
8. Site data theft
9. Defacement
10. Protection against XSS

Part 7. SQL injections - 1.5h
1. SQL intro, metadata, DB engines
2. Searching for SQL Injection
3. Exploiting SQLi with metadata
4. Password hash cracking
5. SQLMap – attack automation
6. Blind SQLi
7. Time-based SQLi

Part 8. XML external entity - 1h
1. XML and entity building
2. XXE (XML External Entity) local variant
3. XXE Out Of Band
4. Remote Code Execution (RCE) using XXE
5. Billion laughs attack

Part 9. Interesting susceptibilities - 1h
1. Environment configuration
2. Local/Remote File Inclusion
3. Arbitrary File Upload
4. Path Traversal
5. OS Command Injection
6. CSRF (Cross-Site Request Forgery)
7. Open redirection
8. Homework

Part 10. More interesting susceptibilities - 1h
1. SSRF (Server-Side Request Forgery)
2. SSTI (Server-Side Template Injection)
3. Open Redirection
4. RFI (Remote File Inclusion)
5. Blind Command Injection
6. Race Condition
7. Mass Assignment
8. SQLi Second Order
9. Blind XSS (Cross-Site Scripting)

Part 11. Security Headers - 1.5h
1. X-Frame-Options + Clickjacking
2. Strict-Transport-Security
3. CSP – Content Security Policy
4. X-XSS-Protection
5. X-Content-Type-Options
6. Security Headers Tools

Part 12. Cryptography - 2h
1. Intro lab
2. Basic terms and history
3. Block ciphers
4. Stream ciphers
5. Asymmetric ciphers
6. Hash
7. Password protection in DB
8. DHE
9. Crypto guidelines

Part 13. Reporting - 2h
1. Introduction to methods
2. CIA
3. CVE
4. CVSS
5. Searching for common susceptibilities
6. Pentest – essential knowledge
7. Report examples

Part 14. What's next? - 1h
1. CTF and Bug Bounty
2. Where to get knowledge from
3. Recommended blogs and books
4. Social profiles security and hacking

Part 15. Bonus knowledge from experts - 1h
1. Metasploit – Troubleshooting, database, basic commands
2. Metasploit – Auxiliary
3. Metasploit – MSFvenom
4. Metasploit – Meterpreter
5. OpenVAS – Scan and installation
6. OpenVAS – Results
7. Nessus – Scan and installation
8. Wireshark
9. BeEF – Installation
10. BeEF – MSF integration
11. Nmap – Intro
12. Nmap – Host discovery
13. Nmap – Scan
14. Nmap – Scripts

Who is the webinar for?
If you want to:
  • Get the best knowledge prepared by Web Application Security Testing experts
  • Change the industry
  • Take part in a professional webinar series that covers all the essential topics and prepares you to be an AST practitioner
  • Take care of your cybersecurity growth
  • Get access to 1:1 sessions with experts

This live-streamed webinar is for you!

Check how easy it is to participate in our live webinars

Step 1. Choose webinar

Start by selecting the webinar that interests you and learn more about it by clicking on the thumbnail picture.

Step 2. Place an order

Once you have read the description of the webinar and decide to participate in it, add it to your shopping cart, and then choose payment and delivery options.

Step 3. Use activation code

Once you have paid for your order, you will receive an activation code that allows you to sign up for the webinar.

Step 4. Choose the date of the webinar

Sign up for the webinar by selecting one of the available dates and times.