Web Application Penetration Testing

WAPT Course Content
• Module 1: Penetration Testing Process
• Module 2: Introduction to Web Applications
• Module 3: Information Gathering
• Module 4: Cross-Site Scripting
• Module 5: SQL Injection
• Module 6: Authentication and Authorization
• Module 7: Session Security
• Module 8: Flash Security
• Module 9: HTML5
• Module 10: File and Resource Attacks
• Module 11: Other Attacks
• Module 12: Web Services
• Module 13: XPath
• Module 14: Penetration Testing Content Management Systems
• Module 15: Penetration Testing NoSQL Databases
You Will Be Able To
• Apply OWASP’s methodology to your web application penetration tests to ensure they are consistent, reproducible, rigorous, and under quality control.
• Assess both traditional server-based web applications and modern AJAX-heavy applications that interact with APIs.
• Analyze the results from automated web testing tools to validate findings, determine their business impact, and eliminate false positives.
• Manually discover key web application flaws.
• Use Python to create testing and exploitation scripts during a penetration test.
• Discover and exploit SQL Injection flaws to determine the true risk to the victim organization.
• Understand and exploit insecure deserialization vulnerabilities with ysoserial and similar tools.
• Create configurations and test payloads within other web attacks.
• Fuzz potential inputs for injection attacks with ZAP, Burp’s Intruder, and ffuf.
• Explain the impact of exploitation of web application flaws.
• Analyze traffic between the client and the server application using tools such as the Zed Attack Proxy and Burp Suite Pro to find security issues.
• Leverage resources, such as the browser’s developer tools, to assess findings within the client-side application code.
• Manually discover and exploit vulnerabilities such as Command Injection, Cross-Site Request Forgery (CSRF), Server-Side Request Forgery (SSRF), and more.
• Learn strategies and techniques to discover and exploit blind injection flaws.
• Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application.
• Use the Nuclei tool to perform scans of target web sites and servers.
• Perform two complete web penetration tests, one during the first five sections of course instruction and the other during the Capture the Flag exercise.