A 4-day course, held on a client site or as a public course, delivered by a CREST-Certified CHECK Team Leader
Web applications have in recent years increasingly become the prime focus of malicious attacks by cyber criminals. By exploiting potential weak spots within a web application's code, a threat actor is able to gain unauthorised access to sensitive information stored at the backend. Due to the increase in the quantity and importance of the data used by web applications, it is important that web developers/application pen testers learn how to secure/defend them.
Using a holistic approach that covers mitigation strategies for both the supporting infrastructure and web application code through real-world scenarios, our course prepares you to write secure applications as well as to defend them from a consultant’s perspective. The supporting slides and classroom discussion help attendees learn new attack techniques and understand how to mitigate them.
Based on the audience level, this course is taught in two different classes:
An Advanced course can be squeezed into 3 days based on client requirement/audience skill-set.
Security professionals (analysts, consultants, IT security officers), web developers and security administrators who are looking to add to their skill-set are welcome!
This course covers real-world scenarios and discusses techniques that attendees can use to improve their skill-set and prepare for professional pen test certifications.
A training room equipped with internet and a projector.
All coursework is performed in designated labs. Each attendee is provided with a VPN setup in order to connect to the labs. You only need a laptop on which you have admin/root access.
Each of the above classes is delivered by a CREST-Certified CHECK Team Leader with over 9 years of professional penetration testing experience (ex-employers include Deloitte, IRM and the NCC Group).
All attendees are provided with class course documents along with lab challenges and solutions. Hints will be dropped throughout the challenges, including via Capture The Flag (CTF) events. Complete module answers are either provided in the class on the same day, or emailed afterwards.
This section outlines the course syllabus, designed to help professionals build a strong skill-set and improve their delivery quality. Highlighted text below relates to the advanced track syllabus.
● Exploiting clickjacking.
● Flash/Java application security.
● .NET remoting (optional).
● Advanced SQL injection.
● Cross-Site Scripting blacklist bypass techniques.
● Creating custom Burp plugins (optional).
This course is available as an internal training course delivered on client site, or alternatively you can attend one of our public courses. Please fill in the form below and one of our team will get in touch to discuss your requirements.