Level I

Web Application penetration Testing(WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate websites and web applications. These vulnerabilities leave websites open to exploitation.

Companies now a days are moving their most applications and critical business process on web. Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited Web sites altered by attackers.

It is sad but true that many of the advantages that make online applications so convenient, also make them incredibly insecure. As a result, hackers are able to use web applications to penetrate enterprises' network and access private customer databases. The resulting identity and data theft has become a major concern for corporations and consumers alike.

Globally with the rising number of incidents of web defacement, the scope of Web Application penetration Tester is definitely rising. Today Web Application Penetration Testers are in very high demand in software companies, IT security firms, Government and Private Sectors etc.

Scope of web application penetration testing in india:
Web Pen tester, Web security analyst/consultant, Web Application security analyst.

Duration

Duration

40 hours-2 classes per week

Eligibility

Eligibility

  1. Strong knowledge of JAVA OR .NET OR PHP
  2. Knowledge of Database Programming
  3. Knowledge of HTML & Javascript

OR Successful completion of module II & - III or IV, of "Industry Ready" course - https://www.isoeh.com/industry-ready.html

Course Fees

Course Fees

Rs.14,500/-

Course Details

Web Application introduction
Core Defence Mechanism
Web Application Technologies and Protocols
Mapping the Application
Enumerating Content
Analyzing the Application
Bypassing Client-Side Controls
Mapping the Attack Surface
Hidden form fields & threats
Attacking Authentication
Attacking Session Management
Web2.0 securities
Hacking Webservices
Threat Modeling- Application security Control
Injecting code
SQL Injection
Cross Site Scripting (XSS)
CSRF With Hijacks
Hijacking the Browser
Controlling Zombies
Attacking Webserver
Web Server Exploits
Hardening Webserver
Source code vulnerabilities : JAVA, ASP.net, Perl, Javascript
Web Application hackers Toolkit
 
 

 

 

Level II

Penetration Testing of Cloud-based Web Applications (SaaS and PaaS)

This will be the WAPT-Level 2, which requires knowledge of WAPT at the very least, along with knowledge of Web-Application Technologies, DBMS and Networking. This course will very specifically cater to the vulnerability assessment of SaaS and PaaS systems, and how to perform VA and PT on them. Also the tool that I intend to use for this course will be Burp (simply because it is the only tool which allows you to scan cloud-based systems pseudo-manually, which is extremely important. Other scanners like Acunetix aren't good at scanning and testing of Cloud-based systems). As a result, this course will be very intensive and centered around the usage of Burp suite along with its different modules, along with fine-tuning and advanced usage.

Duration

Duration

40 hours

Eligibility

Eligibility

WAPT Beginner, or knowledge of Web Application Penetration Testing

Course Fees

Course Fees

Rs. 14,500/-

Course Details

Introduction to Cloud Computing
What is SaaS and PaaS
Concepts of Web 2.0 and Technologies in use
Inherent vulnerabilities in Cloud systems
Application logic flaws and their identification (manual)
Server-side logic flaws and their identification (manual)
Introduction to Burp Suite
Advanced usage of Burp and its modules (includes stuff like fine-tuning scans, using Intruder, Sequencer and other modules etc)
Testing Cloud systems using Burp
Testing Application logic using Burp
Exploitation and Confirmation of vulnerabilities using Burp
 

Examination will be similar to the Offensive Security exams, where we will provide 3 test-systems to the student and they have to root at least two systems in 8 hours in order to pass. (I will set this up in the NPT Lab).

 

Enroll Now

Fields marked with * are mandatory.

Workshop Seminar Newspaper Internet Facebook Others