Web Application Penetration Testing


WAPT Course Content

• Module 1: Penetration Testing Process
• Module 2: Introduction to Web Applications
• Module 3: Information Gathering
• Module 4: Cross-Site Scripting
• Module 5: SQL Injection
• Module 6: Authentication and Authorization
• Module 7: Session Security
• Module 8: Flash Security
• Module 9: HTML5
• Module 10: File and Resource Attacks
• Module 11: Other Attacks
• Module 12: Web Services
• Module 13: XPath
• Module 14: Penetration Testing Content Management Systems
• Module 15: Penetration Testing NoSQL Databases

You Will Be Able To

• Apply OWASP’s methodology to your web application penetration tests to ensure they are consistent, reproducible, rigorous, and under quality control.
• Assess both traditional server-based web applications and modern AJAX-heavy applications that interact with APIs.
• Analyze the results from automated web testing tools to validate findings, determine their business impact, and eliminate false positives.
• Manually discover key web application flaws.
• Use Python to create testing and exploitation scripts during a penetration test.
• Discover and exploit SQL Injection flaws to determine the true risk to the victim organization.
• Understand and exploit insecure deserialization vulnerabilities with ysoserial and similar tools.
• Create configurations and test payloads within other web attacks.
• Fuzz potential inputs for injection attacks with ZAP, Burp’s Intruder and ffuf.
• Explain the impact of exploitation of web application flaws.
• Analyze traffic between the client and the server application using tools such as the Zed Attack Proxy and BurpSuite Pro to find security issues.
• Leverage resources, such as the browser’s developer tools, to assess findings within the client-side application code.
• Manually discover and exploit vulnerabilities such as Command Injection, Cross-Site Request Forgery (CSRF), Server-Side Request Forgery (SSRF), and more.
• Learn strategies and techniques to discover and exploit blind injection flaws.
• Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application.
• Use the Nuclei tool to perform scans of target web sites/servers.
• Perform two complete web penetration tests, one during the first five sections of course instruction, and the other during the Capture the Flag exercise.

Laptop requirements

Important! Set up your own system according to these guidelines.
To effectively engage in this course, your system must be properly configured. If you do not read and follow these directions carefully, you will be unable to fully take part in the course’s hands-on tasks. Please ensure that you arrive with a system that meets all of the requirements listed below. Make a backup of your system before attending class. Better yet, use a system that does not contain any sensitive or critical data. Dark ExploiT is not liable for your system or data.

MANDATORY WAPT SYSTEM HARDWARE REQUIREMENTS

• CPU: 64-bit Intel i5/i7 (8th generation or later), or Ryzen equivalent. This class requires a 64-bit x86 processor with a clock speed of 2.0 GHz or above.
• CRITICAL: Apple Silicon devices cannot execute the required virtualization and so cannot be used for this course.
• BIOS settings must be changed to allow virtualisation technologies, such as the “Intel-VTx” or “AMD-V” extensions. If your BIOS is password protected, make sure you can access it in case you need to make modifications.
• At least 8GB of RAM is necessary.
• At least 50GB of free storage space is required.
• At least one accessible USB 3.0 Type-A port is required. A Type-C to Type-A converter may be required for modern laptops.
• Some endpoint protection software does not allow the usage of USB devices, so test your system with a USB drive before class.
• Wireless networking (802.11) is required. There is no wired internet access in the classroom.