US:(972)-968-9864

 

Web Exploitation Expert


 

Overview:


(CWEE) Certified Web Exploitation Expert


Many of today's websites have grown significantly more complex, Critical business functionality available to employees and possibly even the public across the Internet via portals. Fully functional office suites are being offered via your web browser, Web based administration of critical business applications and even security infrastructures. There is now a much bigger attack surface, more complexity for attackers to manipulate, more payoff for bad guys looking to commit fraud, make money, or cause mayhem. Web sites are doing more without us knowing it, HTTP requests made without user interaction Mash-ups combine various applications, AJAX and other technologies allow sites to make requests for us. There is dearth need to explore those advance areas of web exploitation, in-depth. Our Web Exploitation Expert level course has been designed keeping in mind about latest web application attacks.


Course Content:

 

  • The Core Security Problem: Users Can Submit Arbitrary Input
  • The New Security Perimeter
  • Client-Side Functionality
  • Mapping the Application
  • Advance SQL Injection
  • Advance XSS
  • Reflected XSS Vulnerabilities
  • Stored XSS Vulnerabilities
  • Storing XSS in Uploaded Files
  • DOM-Based XSS Vulnerabilities
  • Real-World XSS Attacks
  • Chaining XSS and Other Attacks
  • Advance CSRF
  • Playing around with Firefox Add-ons
  • Cross site printing
  • Bypassing Web Application Firewalls
  • Shell injection
  • XPath Injection
  • Finding OS Command Injection Flaws
  • Dynamic Execution Vulnerabilities for PHP, ASP
  • Business logic issues and Race conditions
  • Advance file inclusion attacks
  • Exploiting Path Traversal
  • Attacking Application Logic
  • AJAX Security
  • JSON Hijacking
  • Session Fixation
  • Stack Overflows
  • Heap Overflows

 


Duration: 4 Days

 

Materials Provided:

  • Web Exploitation Lab Guide

 

Who Should Attend:

  • Penetration Testers, Web Security Professionals and anyone else who wants to tune their elite web security skills.

  • Anyone who is interested in advance exploitation and want to take their exploitation skills at advance level are prime candidates for this course.

    Prerequisites:

  • Delegates are expected to be well aware of OWASP Top 10 Bugs.

  • Ability to work your way around basic web application attacks.

  • Good understanding of TCP/IP & SSL, exposure to javascript & any web prgramming will always be plus.

     

What to bring:

  • A working laptop with the following hardware/software requirements:

  • Hardware Requirements

  • Hardware must be able to run a 64-bit VM If you can only get an Intel 32-bit machine you will still be able to do 85% of the labs, so don't fret. MINIMUM 2048 MB RAM required. If you can only get 1GB then you will get by but just slowly.

  • Wireless network card - no wired network provided

  • 20 GB free Hard disk space, USB 2.0 port to copy lab VMs

    Operating Systems (one of the following) Windows XP SP2/SP3 or Windows 7

  • It is highly recommended that students install any penetration testing distro either in Vmware or on their Hard-Disk. (Upto them to use Live DVD)

  • If it's a company laptop with user access only, get your administrator to allow USB and install the latest version of VMWare Player

  • Ability to disable Anti-virus / Anti-spyware programs Ability to disable Windows Firewall or personal firewalls.

  • Root access mandatory

  • SSH should be available

  • NOT SUPPORTED: Macs Up to you if you want to take the risk. As long as you can run VMWare machines in fusion you should be ok, but there are no guarantees and if you find you can't boot the VMs up then you will be watching over someone else's shoulder whilst they give you the evil eye.

"The Intro Sessions and Advanced Attacking phase are awesome and with the added bonus of Lab Book you take the cake!  I love the practical sessions!"
    - Jodie L. Johnson, Senior Software Engineer, Amazon, USA


"I am very happy with all your training sessions. I recommend CPTP course for anyone, who is willing to start career in penetration testing."
    - G. Joseph, Security Analyst, Verizon, USA

 


" Advance ethical hacking course was really worth learning, CPTP exam is setting new trend in infoSec industry."
  - Mark Waller, US Dept. of Defense

"Mr. Aatif is very knowledgeable about the course content, I would recommend CPTP Course who wants to get deep in Ethical Hacking."
 - Patrick Cooper, System Engineer, Sony Corporation of America


"Lab exercises along with trainer helped me to understand ethical hacking in much better & easier way."
 - Daniel Miller, U.S Army