Course: ICSI | CWPT Certified Web Penetration Tester.

Overview.

The Open Web Application Security Project (OWASP) Top Ten is widely recognized as an awareness document that represents a broad consensus among security experts about the most critical security risks to web applications. This course is designed to teach those who develop, administer and secure web applications the most common web application vulnerabilities, the potential impact of exploiting these weaknesses, and basic approaches to mitigating web application security risks.

MSc Cybersecurity

  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers, architects, and developers

Basic familiarity with networking and the Linux operating system.

Module 1: HTTP Protocol Overview

Lessons:

  • Important HTTP Methods
  • HTTP Status Codes
  • Cookies
  • Web Application Architecture
  • OWASP Top 10

Labs:

  • Detecting HTTP Methods
  • Exploiting the PUT Method
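The two Module 1 labs in miniature, as an added example that is not part of the ICSI course materials. The target is a constructed, deliberately permissive HTTP server started on loopback (an assumption standing in for the lab's vulnerable host); the client side does what a tester does by hand with `curl -i -X OPTIONS http://target/` or `nmap --script http-methods`: read the `Allow` header, then confirm with a harmless PUT that the server really writes to its document root.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the lab's misconfigured web server (assumption): it
# advertises PUT in its OPTIONS response and stores whatever a PUT sends, so a
# later GET serves the content back. This is not the course's lab environment.
_UPLOADS = {}


class _PermissiveHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):
        pass  # keep the demo quiet

    def _reply(self, status, body=b"", extra=None):
        self.send_response(status)
        for name, value in (extra or {}).items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if body:
            self.wfile.write(body)

    def do_OPTIONS(self):
        self._reply(200, extra={"Allow": "GET, HEAD, POST, PUT, DELETE, OPTIONS"})

    def do_GET(self):
        body = _UPLOADS.get(self.path)
        if body is None:
            self._reply(404)
        else:
            self._reply(200, body)

    def do_PUT(self):
        length = int(self.headers.get("Content-Length", "0"))
        _UPLOADS[self.path] = self.rfile.read(length)
        self._reply(201)


def start_target():
    """Start the constructed target on a free loopback port; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), _PermissiveHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def detect_methods(host, port, path="/"):
    """Lab 'Detecting HTTP Methods': ask the server what it allows via OPTIONS."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        resp.read()
        allow = resp.getheader("Allow") or ""
    finally:
        conn.close()
    return sorted(m.strip().upper() for m in allow.split(",") if m.strip())


def put_file(host, port, path, body):
    """Lab 'Exploiting the PUT Method': try to write content into the web root."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("PUT", path, body=body, headers={"Content-Type": "text/plain"})
        resp = conn.getresponse()
        resp.read()
        return resp.status
    finally:
        conn.close()


def get_file(host, port, path):
    """Fetch the path back to prove the PUT actually landed on the server."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


def run_demo():
    """Whole walk-through against the constructed target; returns what each step saw."""
    server, port = start_target()
    try:
        methods = detect_methods("127.0.0.1", port)
        put_status = put_file("127.0.0.1", port, "/proof.txt", b"uploaded via PUT")
        get_status, body = get_file("127.0.0.1", port, "/proof.txt")
    finally:
        server.shutdown()
        server.server_close()
    return {"methods": methods, "put_status": put_status,
            "get_status": get_status, "body": body}


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a tester should keep in mind: the `Allow` header is advisory, so a server that omits PUT from OPTIONS may still accept it (and one that lists it may reject it with 405), which is why the PUT is confirmed with a read-back rather than trusted from OPTIONS; and what turns a writable document root into code execution is the server executing what was written (for example a JSP dropped into a Tomcat web application), so probe with an inert text file and remove it with DELETE where that is permitted.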

Module 2: Web Vulnerability Scanners and Proxies

Lessons:

  • Burp Proxy
  • OpenVAS
  • Nikto, Wapiti

Labs:

  • Using Nikto
  • Web Vulnerability Scanners

Module 3: Profiling the Web Server

Lessons:

  • Nmap
  • Metasploit Auxiliary Modules

Labs:

  • Scanning the Web Server

Module 4: Injection

Lessons:

  • Command Injection
  • SQL Injection
  • Mitigation of Injection

Labs:

  • Authentication Bypass
  • SQL Injection
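The Module 4 labs "Authentication Bypass" and "SQL Injection" side by side with the "Mitigation of Injection" lesson, as an added example that is not part of the course materials. The user table, the two login functions and the payloads are all constructed for the demonstration; the vulnerable login builds its query by string formatting, the safe one binds the same values as parameters, and both are run against the same in-memory SQLite database so the difference is visible on the return values.

```python
import sqlite3


def make_db():
    """Constructed user table. Passwords are stored in plaintext only to keep the SQL
    readable; a real application stores password hashes, which on its own does nothing
    against injection in the query."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "S3cret!"), ("alice", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query assembled with string formatting: attacker input becomes SQL.
    Returns the matched username, or None when no row matches."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same logic with bound parameters: the input is always data, never SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Two classic bypass inputs (constructed): comment out the password check, or make
# the WHERE clause true for every row so the first user (here: admin) is returned.
BYPASS_COMMENT = "admin' -- "
BYPASS_TAUTOLOGY = "' OR '1'='1"


def run_demo():
    """Run legitimate and malicious logins against both implementations."""
    conn = make_db()
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "hunter2"),
        "legit_safe": login_safe(conn, "alice", "hunter2"),
        "comment_vuln": login_vulnerable(conn, BYPASS_COMMENT, "anything"),
        "comment_safe": login_safe(conn, BYPASS_COMMENT, "anything"),
        "tautology_vuln": login_vulnerable(conn, BYPASS_TAUTOLOGY, BYPASS_TAUTOLOGY),
        "tautology_safe": login_safe(conn, BYPASS_TAUTOLOGY, BYPASS_TAUTOLOGY),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print("%-15s -> %r" % (name, result))
```

With the comment payload the vulnerable query becomes `... WHERE username = 'admin' -- ' AND password = 'anything'`, so the password clause is commented away; with the tautology payload the `AND` binds tighter than the `OR`, leaving a clause that is true for every row. Parameter binding protects values only: a table or column name or an `ORDER BY` direction taken from the user still has to be checked against an allowlist. The same rule carries over to the lesson's command injection case: pass arguments to the process as a list rather than through a shell string.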

Module 5: Broken Authentication

Lessons:

  • Authentication Protocols and Weaknesses
  • Username Enumeration
  • Attacking Tomcat’s Password with Metasploit
  • Brute Forcing Credentials with Hydra
  • Mitigation of Broken Authentication

Labs:

  • Using Tomcat Manager to Execute Code
  • Username Enumeration and Brute Forcing

Module 6: Sensitive Data Exposure

Lessons:

  • Plaintext Protocols and Data Exposure
  • Mitigation of Sensitive Data Exposure

Labs:

  • Taking Advantage of the robots.txt file
  • Finding Sensitive Data on Web Applications

Module 7: XML External Entities (XXE)

Lessons:

  • XML External Entities
  • Mitigation of XML External Entities (XXE)

Labs:

  • XXE Exploitation

Module 8: Broken Access Control

Lessons:

  • Directory Traversal Overview
  • Mitigation of Broken Access Control

Labs:

  • Remote File Inclusion
  • Local File Inclusion
  • Attacking Path Traversal
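The "Local File Inclusion" and "Attacking Path Traversal" labs reduced to the one check that decides them, as an added example that is not part of the course materials. The web root is a constructed temporary directory with a single public file; `resolve_vulnerable` shows the usual mistake of joining the request path onto the root, and `resolve_safe` shows the mitigation from the "Mitigation of Broken Access Control" lesson: decode once, resolve the real path, and refuse anything that does not stay under the root. Both functions are hypothetical names written for this illustration.

```python
import os
import tempfile
from urllib.parse import unquote

# Constructed web root holding one legitimate file. realpath() so the containment
# check is not fooled by a symlinked temp directory (e.g. /tmp on macOS).
ROOT = os.path.realpath(tempfile.mkdtemp(prefix="webroot-"))
os.makedirs(os.path.join(ROOT, "docs"))
with open(os.path.join(ROOT, "docs", "readme.txt"), "w") as fh:
    fh.write("public document\n")


def resolve_vulnerable(user_path):
    """Typical LFI bug: join the request path straight onto the web root.
    os.path.join discards ROOT when user_path is absolute, and '..' walks out of it."""
    return os.path.normpath(os.path.join(ROOT, unquote(user_path)))


def resolve_safe(user_path):
    """Decode once, anchor under ROOT, resolve symlinks, then require the result
    to still be inside ROOT. Raises ValueError on any escape."""
    relative = unquote(user_path).lstrip("/\\")
    candidate = os.path.realpath(os.path.join(ROOT, relative))
    if os.path.commonpath([ROOT, candidate]) != ROOT:
        raise ValueError("path escapes web root: %r" % user_path)
    return candidate


def is_allowed(user_path):
    """True when resolve_safe() would serve the path, False when it refuses it."""
    try:
        resolve_safe(user_path)
        return True
    except ValueError:
        return False


def escapes_root(path):
    """Helper for inspecting what the vulnerable resolver produced."""
    return os.path.commonpath([ROOT, path]) != ROOT


def read_public_file(user_path):
    """The handler a web application would expose: only ever opens a checked path."""
    with open(resolve_safe(user_path)) as fh:
        return fh.read()


# Constructed attack inputs: plain traversal, URL-encoded traversal, absolute path.
PAYLOADS = [
    "../../../../../../etc/passwd",
    "..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd",
    "/etc/passwd",
]

if __name__ == "__main__":
    for p in PAYLOADS:
        print("%-45s vulnerable -> %s" % (p, resolve_vulnerable(p)))
        print("%-45s safe       -> %s" % (p, "allowed" if is_allowed(p) else "refused"))
```

Two points worth noticing. Encoding is handled exactly once: a framework that has already decoded the path must not decode it again, or `%252e%252e` (double encoding) becomes a second traversal. And the absolute-path case is neutralised by stripping leading slashes rather than by rejecting it, which is a design choice; treating it as an error is equally valid. Remote File Inclusion is the same class of bug with a URL instead of a path, and the fix there is the same shape: an allowlist of what may be included, not a blocklist of what may not.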

Module 9: Security Misconfiguration

Lessons:

  • Understanding Security Misconfiguration
  • Using Dirb to detect Security Misconfiguration Issues
  • Mitigation of Security Misconfiguration

Labs:

  • Security Misconfiguration

Module 10: Cross-Site Scripting (XSS)

Lessons:

  • Types of Cross-Site Scripting
  • Using Burp to Test for XSS Vulnerabilities
  • Mitigation of Cross-Site Scripting (XSS)

Labs:

  • Reflected Cross-Site Scripting (XSS)
  • Stored XSS – Stealing User Cookies
  • Exploiting Stored XSS Using the Header
  • Identifying XSS Vulnerabilities

Module 11: Using Components with Known Vulnerabilities

Lessons:

  • Examples
  • Searching for Vulnerabilities
  • Mitigation of Using Components with Known Vulnerabilities

Review Questions

Labs:

  • Identifying Web App Vulnerabilities

  • Exam Code: CPT-WEB
  • Type of Questions: Hands-On Multiple Choice
  • Duration: 2 Hours
  • Passing Score: 70%
  • Exam Voucher Included

If you’re interested in attending a private training session or would like to receive our schedule, please don’t hesitate to contact us!