
HG215: Web Application Penetration Testing & Ethical Hacking



HG215 is a beginner-friendly training course that enables students to assess a web application’s security posture and convincingly demonstrate the business impact should attackers exploit the discovered vulnerabilities. Students will learn common web application vulnerabilities, as well as how to identify and exploit them with the intent of demonstrating the potential business impact. It offers 30+ formal hands-on labs that give students in-depth, pragmatic experience.

You Will Be Able To:

  • Apply OWASP’s methodology to your web application penetration tests to confirm they’re consistent, reproducible, rigorous, and secure.
  • Analyze the results from the automated web testing tools to validate findings, determine their impact, and identify false positives.
  • Manually discover key web application flaws.
  • Use Python to write testing and exploitation scripts during a penetration test.
  • Discover and exploit SQL Injection flaws to determine the true risk to the victim organization.
  • Understand and exploit deserialization vulnerabilities with ysoserial and similar tools.
  • Create various configurations and test payloads within other web attacks.
  • Fuzz potential inputs for injection attacks.
  • Explain the business impact of exploitation of web application flaws.
  • Analyze traffic between the client and web app using tools like the Zed Attack Proxy (ZAP) and BurpSuite Pro to find security issues within the client-side application code.
  • Manually identify and exploit Cross-Site Request Forgery (CSRF) attacks.
  • Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application.
  • Perform 30+ labs to get in-depth hands-on experience of web security flaws.

You Will Learn:

  • To apply a proven methodology to deliver high-value pen-tests.
  • How to discover and exploit key web security flaws.
  • How to explain the potential business impact of web vulnerabilities.
  • The importance of web security to an overall IT security posture.
  • How to use key web attack tools more efficiently.
  • How to write effective web application penetration test reports.

Hands-On Training:

  • DNS Harvesting and Virtual Host Discovery
  • Authentication Bypass
  • Heartbleed Exploitation
  • Insecure Deserialization
  • Reflected and Persistent XSS Attacks
  • DOM-Based XSS Attacks
  • Spidering and Forced Browsing
  • WPScan
  • SQL Injection
  • Blind SQL Injection
  • CSRF Exploitation
  • XML External Entities
  • Metasploit for Web Application Attacks
  • Exploiting Shellshock
  • Leveraging the sqlmap tool
  • BeEF and Browser Exploitation
  • Username Harvesting
  • Password Guessing Attacks
  • HTML Injection
  • Remote File Inclusion
  • Local File Inclusion
  • OS Command Injection
  • Drupalgeddon and Drupalgeddon 2 Exploitation
  • BurpSuite Professional Scanner
  • Python for Web Application Pen Testers
  • Troubleshooting when automated tools fail
  • Extensive use of both BurpSuite Pro and ZAP throughout the course



2021 © Aristi Cybertech Private Limited. All rights reserved.