So you’ve popped some alert boxes, and understand the OWASP Top 10, but you’re looking to take your skills to the next level?
INTRODUCTION TO
Advanced Web Application Penetration Testing
Overview
Learn the tools and techniques for conducting a web application penetration test.
This class is designed for those with little to no web application penetration testing experience, although it will move quickly.
- HTTP and Burp Suite
- Introduction to web application penetration testing
- Hands-on challenges
- Exploit web applications
- Basic understanding of web application penetration testing
Duration
This training can range from several hours to a full week. An example agenda is given below.
Agenda
- OSINT & Target Recon
- Burp Suite Tips and Tricks
- Obscure Burp functionality
- Advanced Burp Suite usage, such as session management and authorization testing
- Burp Enterprise
- Continuous Testing
- SSRF
- CORS
- Advanced XSS
- DOM-based
- Client-Side Template Injection
- Advanced Authentication Methods & Vulnerabilities
- WebAuthn
- OAuth
- SAML
- OpenID Connect
- JWT
- Optional: Open Bug Hunting
- XML External Entities (XXE)
- Exploiting Cloud Services (EC2, S3, etc.)
- Deserialization Vulnerabilities
- Exploiting Cryptographic Weaknesses
- Stream Ciphers
- Block Ciphers
- Padding Oracle Attacks
- Writing Burp Extensions
- Other Web Technologies
- HTTP/2 / HTTP/3
- WebSockets
- HTTP Security Headers
Prerequisites
Basic knowledge of HTTP requests and responses, and any web application programming experience will be helpful, but is not required.
Pricing
We offer training at various conferences. If you know of a conference we may be interested in, please let us know! Pricing for private training classes is generally $3000-$4000 per day. Please contact us to get an exact quote.
Upcoming Classes
Please contact us if you would like to be notified once a virtual or public class is scheduled.