This hands-on live training is designed to take you from beginner to confident web application pentester, with no prior hacking experience required. You’ll gain a solid foundation in how web apps work, how to find and exploit common vulnerabilities, and how to think like an attacker.
The primary focus is learning by doing, with each module focusing on real-world techniques. You will also receive 12 months of access to the full on-demand version of the course to reinforce the classroom learning objectives.
This course includes two exam vouchers for TCM Security’s Practical Web Pentest Associate (PWPA) and Practical Web Pentest Professional (PWPP) certifications. Each exam voucher includes 1 exam attempt and is valid for 12 months from the course completion date.
Course Objective
The fundamental architecture and functionality of web applications
Common server-side vulnerabilities and attack techniques
Client-side attack methods and exploitation tactics
Scanning tools and techniques used to identify and execute advanced web application attacks
Course Outline
Day 1 – How Web Apps Work
Introduction
How Web Apps Work
Intro to HTTP
Broken Authentication
Broken Access Control
SQL Injection
Day 2 – Server-Side Attacks
SQL Injection
Command Injection
XML External Entity (XXE) Injection
Directory Traversal
Day 3 – Server-Side Attacks and Client-Side Attacks