ICSI | CWPT Certified Web Penetration Tester (subscription)

ICSI | CWPT Certified Web Penetration Tester

Course Overview

You'll gain insight into the insecurities, vulnerabilities and exploits that lie within web applications so you can reduce the risk this poses to your business. This CREST Accredited course is based on OWASP Top 10 2017 and along with course Network Infrastructure Penetration Testing and Ethical Hacking will help students prepare for the CREST CRT examination.

100% online course - Study anywhere, anytime – all you need is a reliable internet connection
CREST Accredited Training Course
Course Duration: 24 Hours
24-hr remote access to a virtual lab allows you to learn, train and practice your skills in your own time.
Level: Intermediate

Course curriculum

1. Introduction
1. CWPT Lab
1. Important HTTP Methods
2. HTTP Status Codes
3. Guided Exercise: Detecting HTTP Methods
4. Guided Exercise: Exploiting the PUT Method
5. Cookies
6. Web Application Architecture
7. OWASP Top 10
1. Burp Proxy
2. OpenVas
3. Nikto, Wapiti
4. Lab: Using Web Vulnerability Scanners
5. Lab: Using Web Vulnerability Scanners (Solution)
1. Nmap
2. Metasploit Auxiliary Modules
3. Lab: Scanning the Web Server
4. Lab: Scanning the Web Server (Solution)
1. Command Injection
2. SQL Injection
3. Guided Exercise: Authentication Bypass
4. Lab: SQL Injection
5. Lab: SQL Injection (Solution)
6. Mitigation of Injection
1. Authentication Protocols and Weaknessess
2. Username Enumeration
3. Attacking Tomcat's Password with Metasploit
4. Brute Forcing Credentials with Hydra
5. Guided Exercise: Using Tomcat Manager to execute code
6. Lab: Username Enumeration and Brute Forcing
7. Lab: Username Enumeration and Brute Forcing (Solution)
8. Mitigation of Broken Authentication
1. Plain Text Protocols and Data Exposure
2. Guided Exercise: Taking advantage of the robots.txt file
3. Guided Exercise: Sensitive Data Exposure (Web Storage)
4. Lab: Finding Sensitive Data on Web Applications
5. Lab: Finding Sensitive Data on Web Applications (Solution)
6. Mitigation of Sensitive Data Exposure
1. XXE External Entities
2. Lab: XXE Exploitation
3. Lab: XXE Exploitation (Solution)
4. Mitigation of XML External Entities (XXE)
1. Directory Traversal Overview
2. Lab: Attacking Path Traversal
3. Lab: Attacking Path Traversal (Solution)
4. Mitigation of Broken Access Control
1. Understanding Security Misconfiguration
2. Using Dirb to detect Security Misconfiguration Issues
3. Lab: Security Misconfiguration
4. Lab: Security Misconfiguration (Solution)
5. Mitigation of Security Misconfiguration
1. Types of Cross-Site Scripting
2. Using Burp to test for XSS Vulnerabilities
3. Guided Exercise: Reflected Cross Site Scripting (XSS)
4. Guided Exercise: Stored XSS - Stealing user cookie
5. Guided Exercise: Exploiting stored XSS using the header
6. Lab: Identifying XSS Vulnerabilities
7. Lab: Identifying XSS Vulnerabilities (Solution)
8. Mitigation of Cross-Site Scripting (XSS)
1. Examples
2. Searching for Vulnerabilities
3. Lab: Identifying Web App Vulnerabilities
4. Lab: Identifying Web App Vulnerabilities (Solution)
5. Mitigation of using Components with Known Vulnerabilities
1. Guided Exercise: Remote File Inclusion
2. Guided Exercise: Local File Inclusion
3. Guided Exercise: Taking advantage of the robots.txt file
4. Guided Exercise: Identifying Web Application Firewalls
5. Guided Exercise: Command Execution
6. Guided Exercise: Attacking a session fixation vulnerability
7. Guided Exercise: Bypassing client-side controls using the browser
8. Guided Exercise: Using Nikto
1. CWPT Mock Exam
1. Exam Information
1. CWPT Course Evaluation

About this course

Free
75 lessons
0 hours of video content

Watch Intro Video

Detecting HTTP Methods

Video

What is included in this course

High-quality videos with in-depth content
Modular structure – student-directed path
Knowledge Checks at end of each module and the course
Lab Guide including video Guided Exercises and answer files
24x7 remote access to a virtual lab

ICSI | CWPT Certified Web Penetration Tester

Course Overview

Course curriculum

Web Application Penetration Testing and Ethical Hacking

CWPT Lab

Module 1: HTTP Protocol Overview

Module 2: Web Vulnerability Scanners and Proxies

Module 3: Profiling the Web Server

Module 4: Injection

Module 5: Broken Authentication

Module 6: Sensitive Data Exposure

Module 7: XML External Entities (XXE)

Module 8: Broken Access Control

Module 9: Security Misconfiguration

Module 10: Cross-Site Scripting (XSS)

Module 11: Using Components with Known Vulnerabilities

Module 12: Extra Time

Module 13: Catch the Flag

Exam Information

Course Evaluation

About this course

Detecting HTTP Methods

What is included in this course