Web Application Pentesting
- 4-Day Course
- Language: English
Introduction:
This hands-on live training is designed to take you from beginner to confident web application pentester, with no prior hacking experience required. You’ll gain a solid foundation in how web apps work, how to find and exploit common vulnerabilities, and how to think like an attacker.
The primary focus is learning by doing, with each module focusing on real-world techniques. By the end of the bootcamp, you’ll be well on your way to taking on the Practical Junior Web Tester (PJWT) certification.
Objectives:
Course Outline:
1 – Introduction, how web apps work, HTTP, intercepting traffic
- Web app components
- HTTP, encoding, routed vs non-routed applications
2 – Attacking authentication
- What is authentication, common authentication mechanisms
- MFA
- Logic issues & password resets
- Enumeration via response timing
3 – Attacking access control
- What is access control, common access control mechanisms
- Client-side controls
- Header-based access controls
4 – SQL injection
- Introduction to SQL & SQL injection
- SQLi to bypass authentication
- Exfiltrating information, enumerating tables and columns
- Stacked queries & filter bypasses
- Blind SQLi
5 – Command injection
- Introduction to command injection
- Blind command injection
- OOB command injection
6 – XXE
- Introduction to XXE
7 – Directory traversal
8 – Insecure file uploads
9 – SSRF
10 – XSS
11 – CSRF
12 – Scanning, filter bypasses, WAF bypasses
13 – Logic flaws
14 – Bringing it all together – building a methodology
15 – Doing a pentest
€2,899.99