ICSI | CWPT Certified Web Penetration Tester (On-Demand)

Introduction

How to Book One to One Trainer Online Meeting

CWPT Lab

Important HTTP Methods

HTTP Status Codes

Guided Exercise: Detecting HTTP Methods

Guided Exercise: Exploiting the PUT Method

Cookies

Web Application Architecture

OWASP Top 10

Burp Proxy

OpenVas

Nikto, Wapiti

Guided Exercise: Using Nikto

Lab: Using Web Vulnerability Scanners

Lab: Using Web Vulnerability Scanners (Solution)

Nmap

Metasploit Auxiliary Modules

Lab: Scanning the Web Server

Lab: Scanning the Web Server (Solution)

Command Injection

SQL Injection

Guided Exercise: Authentication Bypass

Lab: SQL Injection

Lab: SQL Injection (Solution)

Mitigation of Injection

Authentication Protocols and Weaknessess

Username Enumeration

Attacking Tomcat's Password with Metasploit

Brute Forcing Credentials with Hydra

Guided Exercise: Using Tomcat Manager to execute code

Lab: Username Enumeration and Brute Forcing

Lab: Username Enumeration and Brute Forcing (Solution)

Mitigation of Broken Authentication

Plain Text Protocols and Data Exposure

Guided Exercise: Taking advantage of the robots.txt file

Guided Exercise: Sensitive Data Exposure (Web Storage)

Lab: Finding Sensitive Data on Web Applications

Lab: Finding Sensitive Data on Web Applications (Solution)

Mitigation of Sensitive Data Exposure

XXE External Entities

Lab: XXE Exploitation

Lab: XXE Exploitation (Solution)

Mitigation of XML External Entities (XXE)

Directory Traversal Overview

Guided Exercise: Remote File Inclusion

Guided Exercise: Local File Inclusion

Lab: Attacking Path Traversal

Lab: Attacking Path Traversal (Solution)

Mitigation of Broken Access Control

Understanding Security Misconfiguration

Using Dirb to detect Security Misconfiguration Issues

Lab: Security Misconfiguration

Lab: Security Misconfiguration (Solution)

Mitigation of Security Misconfiguration

Types of Cross-Site Scripting

Using Burp to Test for XSS Vulnerabilities

Guided Exercise: Reflected Cross Site Scripting (XSS)

Guided Exercise: Stored XSS - Stealing User Cookie

Guided Exercise: Exploiting Stored XSS Using the Header

Lab: Identifying XSS Vulnerabilities

Lab: Identifying XSS Vulnerabilities (Solution)

Mitigation of Cross-Site Scripting (XSS)

Examples

Searching for Vulnerabilities

Lab: Identifying Web App Vulnerabilities

Lab: Identifying Web App Vulnerabilities (Solution)

Mitigation of using Components with Known Vulnerabilities

Guided Exercise: Identifying Web Application Firewalls

Guided Exercise: Command Execution

Guided Exercise: Attacking a session fixation vulnerability

Guided Exercise: Bypassing client-side controls using the browser

CWPT Mock Exam

Exam Information

CWPT Course Evaluation