- Threat Modelling Principle
- OWASP Top 10 Vulnerabilities
- Server & Application Fingerprinting
- Site Mapping & Web Crawling
- Looking for leftovers and backup files
- Page enumeration and brute-forcing
- Identifying the entry points
Web Application Penetration Testing Online Training Course
Become an expert in testing and exploiting the security of web and mobile apps with the Web Application Penetration Testing training programme.
Online
Quick facts
Particular | Details |
---|---|
Medium of instructions | English |
Mode of learning | Self study, Virtual Classroom |
Mode of Delivery | Video and Text Based |
Course overview
The Web Application Penetration Testing course by Infosec Train is developed to teach the nuances of web app penetration testing in immersive environments. Infosec Train’s trainers are industry experts and will imbue you with skills like information gathering, web application analysis, and enumeration to add to your skill tree.
Moreover, with the Web Application Penetration Testing online course, you also get access to Infosec Train’s in-house cloud-hosted lab environment for hands-on penetration testing experience. You will be offered access to an app that demonstrates vulnerabilities commonly found in mobile or web apps. This practical exposure will help you assess the app and exploit it like an experienced professional.
By the end of the Web Application Penetration testing programme, you will be able to find vulnerabilities in source code efficiently. You will also master how to defend and exploit web and mobile apps, and perform static and dynamic app analysis.
The highlights
- Hands-on exposure with various vulnerabilities
- Access to a cloud-hosted lab environment
- 40 hours of instructor-led training
- Expert certified instructors
- Real-life scenarios for practical understanding
- Flexible schedule
- Access to recorded sessions
Program offerings
- Access to cloud-based labs
- Hands-on exposure
- 40+ hours of learning material
- Certified trainers
- Real-life scenarios for practical understanding
Course and certificate fees
certificate availability
certificate providing authority
Eligibility criteria
It’s recommended that you have at least one year of work experience in an information security role before enrolling in the Web Application Penetration testing online course. Also, it’s recommended that you know basic HTML, HTTP, JavaScript, and PHP.
What you will learn
Upon completing the Web Application Penetration testing course, you will be proficient in methodologies like:
- Finding vulnerabilities in source code
- Types of vulnerabilities
- Web application assessment
- Defending and exploiting web and mobile apps
- Static and dynamic app analysis
- Exploit weaknesses of web application security
- Insecure file handling
- Information leaks
Who it is for
The Web Application Penetration Testing programme offers immense value for:
- Application developers
- Web administrators
- Penetration testers
- Security analysts
Admission details
- Visit the Web Application Penetration Testing programme website.
- Select your preferred learning mode by scrolling down.
- Fill in the pop-up form that appears on the screen after you hit “Enroll Now”.
- Submit the form. Infosec Train will get in touch with you shortly to discuss the further admission steps.
Filling the form
Your name, country name, email address, and phone number are all you have to enter while filling the short contact form. On the other hand, if you wish to enroll for the Web Application Penetration Testing online training as a corporate entity, you also need to specify your company name and employee size.
The syllabus
Module 1: Web Application Assessment
Module 2: Authentication vulnerabilities
- User enumeration
- Authentication scenarios
- Default users/passwords
- Guessing passwords – Brute force & Dictionary attacks
- Direct page requests
- Weak password policy
- Password flaws
- Parameter modification
- Lack of SSL at login pages
- Locking out users
- Login without SSL
- Bypassing weak CAPTCHA mechanisms
Module 3: Authorisation vulnerabilities
- Authorisation bypassing
- Role-based access control (RBAC)
- Forceful browsing
- Insecure direct object reference
- Client-side validation attacks
Module 4: Improper Input Validation & Injection vulnerabilities
- Blacklist VS Whitelist input validation bypassing
- Input validation techniques
- Directory traversal
- Encoding attacks
- Code injection
- Command injection
- XML injection – XPath Injection | Malicious files | XML Entity
- Log injection
- LDAP Injection
- Bomb
- Common implementation mistakes – authentication
- SQL injection
- Special chars – ‘ & < >, empty
- Cross-Site Scripting (XSS)
- Bypassing using SQL Injection
- Reflected VS Stored XSS
Module 5: Insecure file handling
- Canonicalisation
- Path traversal
- Insecure file extension handling
- Uploaded files backdoors
- File size
- Directory listing
- Malware upload
- File type
Module 6: Session & browser manipulation attacks
- Cookie-based session management
- Session management techniques
- Cookies – secrets in cookies, tampering
- Cookie properties
- Missing Attributes – httpOnly, secure
- Exposed session variables
- Long session timeout
- Session validity after logoff
- Session id rotation
- Session keep alive – enable/disable
- Cross-Site Request Forgery (CSRF) – URL Encoding
- Session Fixation
- Open redirect
Module 7: Information leak
- Web Service Testing
- Web Services Assessment
- Testing WSDL
- OWASP Web Service Specific Testing
- LFI and RFI
- SQL Injection to Root
- OWASP Top 10 Revamp
How it helps
By enrolling in the Web Application Penetration Testing online training, you get access to quality courseware - delivered by expert instructors - that will make you an expert in penetration testing in no time. Hands-on coaching is also provided on Infosec Train’s proprietary cloud-based lab, where you can put newly learned skills to practice.
By the course’s end, you will be more than proficient at handling testing and exploits and can apply for lucrative job roles across various industries.
Instructors
Mr Sanyam Negi
Instructor
Freelancer
Other Bachelors
FAQs
Hands-on training is conducted on Infosec Train’s in-house cloud-based lab.
You get access to 40+ hours of expert-led training.
Yes, the Web Application Penetration Testing programme is accredited by Infosec Train.
Online training, One-to-One training, and Corporate training – these are the three training modes you can choose from.
Yes. Basic HTML, PHP, HTTP, and JavaScript programming experience is recommended.