Web Application penetration Testing(WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate websites and web applications. These vulnerabilities leave websites open to exploitation.
Companies now a days are moving their most applications and critical business process on web. Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited Web sites altered by attackers.
It is sad but true that many of the advantages that make online applications so convenient, also make them incredibly insecure. As a result, hackers are able to use web applications to penetrate enterprises' network and access private customer databases. The resulting identity and data theft has become a major concern for corporations and consumers alike.
Globally with the rising number of incidents of web defacement, the scope of Web Application penetration Tester is definitely rising. Today Web Application Penetration Testers are in very high demand in software companies, IT security firms, Government and Private Sectors etc.
Scope of web application penetration testing in india:
Web Pen tester, Web security analyst/consultant, Web Application security analyst.
40 hours - 2 classes per week
OR Successful completion of module II & - III or IV, of "Industry Ready" course - www.isoeh.com/industry-ready.html
Inclusive of all taxes
Penetration Testing of Cloud-based Web Applications (SaaS and PaaS)
This will be the WAPT-Level 2, which requires knowledge of WAPT at the very least, along with knowledge of Web-Application Technologies, DBMS and Networking. This course will very specifically cater to the vulnerability assessment of SaaS and PaaS systems, and how to perform VA and PT on them. Also the tool that I intend to use for this course will be Burp (simply because it is the only tool which allows you to scan cloud-based systems pseudo-manually, which is extremely important. Other scanners like Acunetix aren't good at scanning and testing of Cloud-based systems). As a result, this course will be very intensive and centered around the usage of Burp suite along with its different modules, along with fine-tuning and advanced usage.
WAPT Beginner, or knowledge of Web Application Penetration Testing
Inclusive of all taxes
Examination will be similar to the Offensive Security exams, where we will provide 3 test-systems to the student and they have to root at least two systems in 8 hours in order to pass. (I will set this up in the NPT Lab).
Fields marked with * are mandatory.