Learn the tools and techniques for conducting
a web application penetration test. Get your hands dirty with HTTP and Burp Suite.
INTRODUCTION TO
Web Application Penetration Testing
Overview
Learn the tools and techniques for conducting a web application penetration test.
This class is designed for those with little to no web application penetration testing experience, although it will move quickly.
In this course, students will gain an understanding of:
- HTTP and Burp Suite
- Introduction to web application penetration testing
- Hands-on challenges
- Exploit web applications
- Basic understanding of web application penetration test
Duration
This training can range from several hours to a full week. An example agenda is given below.
Agenda
- HTTP Basics, Burp Intro and Setup
- Proxy Tab
- Target Tab
- Repeater Tab
- Authentication
- Decoder Tab
- Comparer Tab
- Intruder Tab
- Fuzzing directories
- Null Byte Injection
- Burp Crawler (Spider)
- Authorization
- API Testing
- Cross-Site Scripting (XSS)
- Same Origin and Cross-Site Request Forgery (CSRF)
- Injection
- SQL Injection
- Command Injection
- Other Injections
- Path Traversal
- File Upload Vulnerabilities
- Sequencer Tab
- Burp Scanner – Active & Passive
- Burp Enterprise
- Continuous Testing
- Advanced XSS
- Extender Tab
- Useful Burp Extensions
- Pentesting Methodologies
- More Burp Configuration
- Options
- SSRF
Prerequisites
Basic knowledge of HTTP requests and responses, and any web application programming experience will be helpful, but is not required.
Pricing
We offer training at various conferences. If you know of conference we may be interested in, please let us know! Pricing for private training classes is generally $3000-$4000 per day. Please contact us to get an exact quote.
Upcoming Classes
Please contact us if you are interested in us letting you know once a virtual or public class is scheduled.
