Contact us

Application Penentration Testing Training

A 4-day on a Client Site or Public course delivered by a CREST-Certified CHECK Team Leader

Book Now Talk To An Expert

 

A Black Hat USA 2015 Course

Delivered by a CHECK Team Leader

Bootcamp Style Intensive Training

Infrastructure, Networks and Apps

Course Overview                                                                  

Web applications have in recent years increasingly become the prime focus of malicious attacks by cyber criminals. By exploiting the potential weak spots within a web application code, a threat actor is able to gain unauthorised access to sensitive information stored at the backend. Due to the increase in the quantity and importance of the data used by the web application, it is important that web developers/application pen testers learn how to secure/defend them.

Using a holistic approach that covers the mitigation strategies for the supporting infrastructure and web application coding using the real-world scenarios, our course prepares you to write secure applications as well as defend one from a consultant’s perspective. The supporting slides and the classroom discussion would add benefit for the attendees to learn new techniques of attack and help understand the mitigation of the same. 

What is the class difficulty level?

Based on the audience level, this course is taught in two different classes:

  • Intermediate Track (Beginner to Intermediate level experience) – 2 days
  • Advanced Track (In Depth) – 4  days

An Advanced course can be squeezed into 3 days based on client requirement/audience skill-set.

Who should attend this  course?

Security professionals (analysts, consultants, IT security officers), web developers and security administrators who are looking to add to their skill-set are welcome!

This course covers real world scenarios and discusses techniques that can be used by the attendees to improve their skill-set, and prepare for professional pen test certifications. 

What are the pre-requisites for attendees?

  • Intermediate Track – web application familiarity is required. 
  • Advanced Track – basic application assessment and tools knowledge/experience is necessary.

 

What are the logistical requirements for onsite training?

A training room equipped with internet and a projector.

All coursework is performed in designated labs. Each attendee is provided with a VPN setup in order to connect to the labs. You only need a laptop and ensure that you have admin/root access.

Who teaches this course?

Each of the above classes is delivered by a CREST-Certified CHECK Team Leader with over 9 years professional penetration testing experience (ex-employers include Deloitte, IRM and the NCC Group). 

All attendees are provided with class course documents along with lab challenges and solutions. Hints will be dropped throughout the challenges, including via Capture The Flag (CTF) events. Complete module answers are either provided in the class on the same day, or emailed afterwards.

 

Hands-On Hacking Syllabus                                        

This section outlines the course syllabus designed to help professionals achieve a high skill- set to improve their delivery quality. Highlighted text below relates to advanced track syllabus. 

Features:

  • Dedicated labs for training and practise
  • 100% Practical
  • Hands-on training
  • Black Hat 2015 Course
  • CHECK Team Leader Instructor
  • Course Material
  • Capture the flag-style challenges
  • Best practices from an experienced tutor
  • Access to labs post training for up to 2 months

 

Course Outline

  New Call-to-action

Day 1: Laying the Foundation & Testing Methodology
● Application security overview.
● Application architecture (single tier, multi-tier).
● Web technologies.
● HTTP basics (different HTTP methods and how to exploit them on a web server).
● Current attack trend (discussion on past attacks and techniques used).
● Common pen test tools overview – strength and weaknesses of tools including manual and automated assessment techniques.
● Pen test tool basics – Burp Proxy, ZAP Proxy and Fiddler.
● Browser plugins for application assessment.
● Google hacking (passive application attacks).
● Port scanning of the supporting infrastructure.
● Web server assessment (looking for configuration issues).
● SSL security (TLS/SSL configuration issues).
● Default configuration checks/common CMS identification techniques.
Day 2: Application Testing (Covering OWASP Top 10)
● Authentication vulnerabilities
● Session management security (Session
● Business logic flaws
● SQL Injection – Blind, Error based, Time, out-of-band
● Cross Site Scripting – DOM, Reflected, Stored
● Insecure direct object references
● Broken Access Control (Weak Authorization checks)
● Session Fixation
Day 3: Application Testing (OWASP Top 10)
● Web services/XML attacks.
● Web services overview.
● XML security.
● SOAP/WSDL/JSON/AJAX hacking.
Day 4: Advanced Application Hacking Techniques

● Exploiting clickjacking.
● Flash/Java application security.
● .Net remoting (optional).
● Advanced SQL injection.
● Cross Site Scripting bypass blacklist techniques.
● Creating custom Burp plugins (optional).

 

Upcoming courses:

London November 2016
Dubai December 2016
Singapore January 2017
Zurich March 2017
BOOK A COURSE NOW

What people say:
  • clear-img.png

    I found the course to be very interesting. It not the usual bookish theoretical type, of course, it was quite interactive.."

    Sanjay Khanna

    CIO, Rak Bank, Dubai

  • clear-img.png

    Amar Singh brings a wealth of personal experience and knowledge.”

    Hariprasad Chede

    President ISACA UAE

  • clear-img.png

    The course was excellent. Not the typical core text book training but giving valuable insights and experiences.”                                 

    Youssef Karroum

    Head of IT, Bank of Sharjah, UAE

  • clear-img.png

    This was the most interesting and attractive courses I have ever attended. A lot of inside knowledge was shared.

    Saptorshi Datta

    Head of Audit, Emirate Global Aluminium, UA

  • clear-img.png

    "I wish all Senior Executives attend this course. It’s the most practical course I have ever attended. It teaches you not just how to understand but also how to respond to a Cyber Attack. ."                              

    K.S.Ramakrishn

  • clear-img.png

    "The information we learnt provoked plenty of conversation both around personal experiences with the challenges that I face in the business  and also backing up what was said in the course with real-life examples"

    Aaron Townsend

  • clear-img.png

    "The training was very informative and well knowledgable and i would recommend this course to anyone who wishes to explore cyber security even further."

    Frank Manoharan

    IT Director, Christ the King Sixth Form Colleges London

  • clear-img.png

    "It’s been a great two days of learning. We drilled down, we simplified how an incident should be detected and how an incident should be handled. One of the key learnings I have taken is define normal. ."

    Sanjoy John

  • clear-img.png

    "The overall training was good, it was quite informative. I highly recommend this training session to at least the CXO level people because it is something very meaningful for them and it can be very beneficial for organisations."

    Anuj Jain

  • clear-img.png

    "Amar is a good mentor because he did more than just teaching. The checklist and mind maps are a really good part of the course. ."

    Vimal Rama

    IT Manager, HLB HAMT, Dubai UAE

  • clear-img.png

    "Amar is an excellent tutor and mentor also. The key aspects of the training is interactive sessions. Everyone has shared their experiences. I gained much knowledge which will be useful for my day to day activities."

    BGK Vikram

  • clear-img.png

    "I really learnt a lot from this course as it was the first cyber security course I have been on. What I liked the most was the mind-mapping."

    Krishna Raghupati

    Paramount Computer Services,  Dubai UAE

  • clear-img.png

    "I recommend everyone to attend this course whether your business is at the beginning or whether you have already implemented some of the IT security procedures. Even if you think you are protected but in fact it is not protected.."

    Bir Lama
VIEW MORE
CIPR_BTIMM_Small.jpg

FREE BEFORE THE INCIDENT MIND MAP

Book a call to discuss or ask any questions about the course. Please don't forget to change your location first.
  • testimonial_img.png

    This course is created by a CREST-Certified CHECK Team Leader with over 9 years experience. Penetration testing clients include some of the largest banks in the world. 

    CREST-Certified CHECK Team Leader

     

Book your Management Best Practice in SAP Compliance Security and Audit Essentials (SAP - CSA) course. 

This course is available as internal training course delivered on client site or alternatively you can attend one of our public courses. Please fill in the form below and one of our team will get in touch to discuss your requirments. 

  • callOr call us on:
  • +44 (0) 203 189 1422
ce_logo.png
gchq_logo.png
cs_logo.png

Simply fill in your details to request a free callback:

Sign up to our Newsletter:

  • Or call us on:
  • +44 (0) 203 189 1422
Cyber Management