Web Application Hacking

A practical workshop on how to detect and exploit Web application vulnerabilities and use this to their advantage when attacking information systems.

40 hours

Red Team

40 hours

Red Team

INTERESTED? CONTACT US

ABOUT THE PROGRAM

What are Web applications? The term encompasses everything that can be accessed via a web browser, from applications to server technologies (operating systems, web servers, native applications, and databases, etc.) from endpoint technologies (browsers and extensions) to JavaScript and more. Although these apps are common, very few individuals can master the entire technological stack. The challenge for those seeking to test Web application vulnerabilities is understanding all the different technologies involved. While developers may know what language they code in, penetration testers should know them all.

This course provides students with a comprehensive overview of the Web service attack process. The topics covered include carrying out scans, mapping vulnerabilities, and resources, performing various database code injections, reading, and writing, operating system file tables, executing code on the operating system, exploiting authentication and session issues, manipulating vulnerable components on the server, identifying weak configurations, performing user-side code injections, launching browser attacks, and social engineering. The course also offers a hands-on practical experience that focuses on manual techniques which help students understand the various steps of the organized testing process.

The course covers the following topics:

DON'T TOUCH THIS TAB

It’s important to improve the accordion’s behaviour

Penetration Testing and Web Applications

Meet the Web stack
Proactive security testing vs. hacking
Automated vs. manual testing
Code vulnerabilities and severity scoring

Environment Setup

To Kali or not to Kali
Tools of the trade
Deliberately vulnerable applications and servers

Profiling the web server

Scanning for open ports
Fingerprinting the application stack
Enumerating files, directories, and other resources
Scanning for known application vulnerabilities
Avoiding detection while profiling

Datastore Injections

Error-based datastore information retrieval
Union-based manual SQL injections
Exploiting build-in functions
Reading and writing files with union injections
Generating Web shells and full shells
Blind Boolean injections
Blind time-based injections
Bonus: Schema-less injections?!

Don't touch this tab

ABOUT SOTERIA GLOBAL

SOTERIA Global is a global leader in cyber-security training solutions and services.

The cyber world is now a part of our everyday life. New technology emerges daily, and as opportunities increase, so do cyber risks. Threats constantly evolve, and we must protect our valuable assets.

A successful cyber defense has many factors, but they all have one thing in common: dedicated, skilled individuals.

SOTERIA Global experts develop our solutions and rely on the best technological assets in the market. Our impressive global presence expands over four continents, giving us access to the best cybersecurity professionals.

Our solutions range from customized training programs to developing cyber-oriented facilities, ensuring that individuals and organizations are ready to face real-world threats. Over the years, we have worked with various organizations across many sectors, giving us the skillset to shape and adapt our solutions to meet our client’s needs.

COURSE INFO

Server-side and client-side Web application developers
Analysts
IT specialists
Incident Response Teams

Advanced knowledge of Web technologies (server code , SQL, JavaScript, HTML)
Server-side programing
Familiarity with Windows and Linux operating systems is advantageous
Familiarity with TCP/IP protocols is advantageous

Performing penetration testing
Using he tools of the trade
SQL injections
Advanced web server profiling