Skip to main content

INTRODUCTION TO

Advanced Web Application Penetration Testing

So you’ve popped some alert boxes, and understand the OWASP Top 10, but you’re looking to take your skills to the next level?

Advanced

Overview

Learn the tools and techniques for conducting a web application penetration test.

This class is designed for those with little to no web application penetration testing experience, although it will move quickly.

In this course, students will gain an understanding of:

  • HTTP and Burp Suite
  • Introduction to web application penetration testing
  • Hands-on challenges
  • Exploit web applications
  • Basic understanding of web application penetration test

Duration

This training can range from several hours to a full week. An example agenda is given below.

Agenda

  • OSINT & Target Recon
  • Burp Suite Tips and Tricks
  • Obscure Burp functionality
  • Advanced Burp Suite usage, such as session management and authorization testing
  • Burp Enterprise
  • Continuous Testing
  • SSRF
  • CORS
  • Advanced XSS
  • DOM-based
  • Client-Side Template Injection
  • Advanced Authentication Methods & Vulnerabilities
  • WebAuthn
  • OAuth
  • SAML
  • OpenID Connect
  • JWT
  • Optional: Open Bug Hunting
  • XML External Entities (XXE)
  • Exploiting Cloud Services (EC2, S3, etc.)
  • Deserialization Vulnerabilities
  • Exploiting Cryptographic Weakness
  • Stream Ciphers
  • Block Ciphers
  • Padding Oracle Attacks
  • Writing Burp Extensions
  • Other Web Technologies
  • HTTP 2 / HTTP 3
  • WebSockets
  • HTTP Security Headers

Prerequisites

Basic knowledge of HTTP requests and responses, and any web application programming experience will be helpful, but is not required.

Pricing

We offer training at various conferences. If you know of conference we may be interested in, please let us know! Pricing for private training classes is generally $3000-$4000 per day. Please contact us to get an exact quote.

Upcoming Classes

Please contact us if you are interested in us letting you know once a virtual or public class is scheduled.

Get on the List

Request training details