This is a 2 day advanced web security training for system engineers, developers and security enthusiasts who want to learn to assess web applications and web servers.
The focus here is on both attacking and defending techniques. All the exercises are performed on our famous bWAPP web security testing framework.
Students will detect and exploit web vulnerabilities like SQL and HTML injections, authentication and session issues, XSS, CSRF, file inclusions, Heartbleed, Shellshock, Drupageddon, POODLE, ClickJacking, etc. Detection and exploitation are done using manual procedures as well as using open source tools and commercial web scanners!
At the end of this training course, the students should be able to assess web applications and web servers for security vulnerabilities. In addition, the students should be able to harden web servers, identify insecure code, and to write a false-positive free audit report.
We focus on methodologies and procedures, and not only on software tools. This approach - in combination with realistic hands-on labs - separates MME's courses from others.
This training is on demand, and can be organized on-site at your preferred location, or online through our MME CyberClass, this starting from 5 students.
- Introduction to Web Applications
- Pentesting and Methodologies
- OWASP and the Top 10 Risks
- Writing User-Friendly Reports
- Active/Passive Reconnaissance
- Vulnerabilities and Exploitation
- Post-Exploitation and Webshells
- Local Privilege Escalations
- Advanced Vulnerability Detection
- Intercepting Proxies
- Web Application Scanners
- Writing Secure Code
- Web Server Hardening
- Web Application Firewalls
- Your own laptop is required (!)
- Windows (pref), OS X or Linux
- Administrator privileges
- Ethernet and USB interface
- Ability to disable AV and IPS
- VMware Player/Fusion installed
- Strong interest in web security
- No coding knowledge required
To request a price quote or for more info, please fill out the form below.