
Level I

Web Application Penetration Testing (WAPT) is a security testing technique for finding vulnerabilities or security holes in corporate websites and web applications. These vulnerabilities leave websites open to exploitation.

Companies nowadays are moving most of their applications and critical business processes to the web. Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited web sites altered by attackers.

It is sad but true that many of the advantages that make online applications so convenient also make them incredibly insecure. As a result, hackers are able to use web applications to penetrate enterprises' networks and access private customer databases. The resulting identity and data theft has become a major concern for corporations and consumers alike.

Globally, with the rising number of web defacement incidents, the scope for Web Application Penetration Testers is definitely rising. Today Web Application Penetration Testers are in very high demand in software companies, IT security firms, and the government and private sectors.

Scope of web application penetration testing in India:
Web pen tester, web security analyst/consultant, web application security analyst.

Duration

40 hours - 2 classes per week

Eligibility

  1. Strong knowledge of Java, .NET or PHP
  2. Knowledge of database programming
  3. Knowledge of HTML & JavaScript

OR Successful completion of module II & - III or IV, of "Industry Ready" course - www.isoeh.com/industry-ready.html

Course Fees

Rs.14,750/-
Inclusive of all taxes

Course Details

  • Web Application introduction
  • Core Defence Mechanism
  • Web Application Technologies and Protocols
  • Mapping the Application
  • Enumerating Content
  • Analyzing the Application
  • Bypassing Client-Side Controls
  • Mapping the Attack Surface
  • Hidden form fields & threats
  • Attacking Authentication
  • Attacking Session Management
  • Web 2.0 security
  • Hacking Web Services
  • Threat Modeling - Application Security Control
  • Injecting code
  • SQL Injection
  • Cross Site Scripting (XSS)
  • CSRF With Hijacks
  • Hijacking the Browser
  • Controlling Zombies
  • Attacking the Web Server
  • Web Server Exploits
  • Hardening the Web Server
  • Source code vulnerabilities: Java, ASP.NET, Perl, JavaScript
  • Web Application Hacker's Toolkit

Level II

Penetration Testing of Cloud-based Web Applications (SaaS and PaaS)

This will be the WAPT-Level 2, which requires knowledge of WAPT at the very least, along with knowledge of Web-Application Technologies, DBMS and Networking. This course will very specifically cater to the vulnerability assessment of SaaS and PaaS systems, and how to perform VA and PT on them. Also, the tool that I intend to use for this course will be Burp (simply because it is the only tool which allows you to scan cloud-based systems pseudo-manually, which is extremely important. Other scanners like Acunetix aren't good at scanning and testing of cloud-based systems). As a result, this course will be very intensive and centered around the usage of Burp Suite along with its different modules, along with fine-tuning and advanced usage.

Duration

40 hours

Eligibility

WAPT Beginner, or knowledge of Web Application Penetration Testing

Course Fees

Rs.14,750/-
Inclusive of all taxes

Course Details

  • Introduction to Cloud Computing
  • What is SaaS and PaaS
  • Concepts of Web 2.0 and Technologies in use
  • Inherent vulnerabilities in Cloud systems
  • Application logic flaws and their identification (manual)
  • Server-side logic flaws and their identification (manual)
  • Introduction to Burp Suite
  • Advanced usage of Burp and its modules (includes fine-tuning scans and using Intruder, Sequencer and other modules)
  • Testing Cloud systems using Burp
  • Testing Application logic using Burp
  • Exploitation and Confirmation of vulnerabilities using Burp

Examination will be similar to the Offensive Security exams, where we will provide 3 test-systems to the student and they have to root at least two systems in 8 hours in order to pass. (I will set this up in the NPT Lab).
