Introduction
How to Book One to One Trainer Online Meeting
CWPT Lab
Important HTTP Methods
HTTP Status Codes
Guided Exercise: Detecting HTTP Methods
Guided Exercise: Exploiting the PUT Method
Cookies
Web Application Architecture
OWASP Top 10
Burp Proxy
OpenVAS
Nikto, Wapiti
Guided Exercise: Using Nikto
Lab: Using Web Vulnerability Scanners
Lab: Using Web Vulnerability Scanners (Solution)
Nmap
Metasploit Auxiliary Modules
Lab: Scanning the Web Server
Lab: Scanning the Web Server (Solution)
Command Injection
SQL Injection
Guided Exercise: Authentication Bypass
Lab: SQL Injection
Lab: SQL Injection (Solution)
Mitigation of Injection
Authentication Protocols and Weaknesses
Username Enumeration
Attacking Tomcat's Password with Metasploit
Brute Forcing Credentials with Hydra
Guided Exercise: Using Tomcat Manager to execute code
Lab: Username Enumeration and Brute Forcing
Lab: Username Enumeration and Brute Forcing (Solution)
Mitigation of Broken Authentication
Plain Text Protocols and Data Exposure
Guided Exercise: Taking advantage of the robots.txt file
Guided Exercise: Sensitive Data Exposure (Web Storage)
Lab: Finding Sensitive Data on Web Applications
Lab: Finding Sensitive Data on Web Applications (Solution)
Mitigation of Sensitive Data Exposure
XXE External Entities
Lab: XXE Exploitation
Lab: XXE Exploitation (Solution)
Mitigation of XML External Entities (XXE)
Directory Traversal Overview
Guided Exercise: Remote File Inclusion
Guided Exercise: Local File Inclusion
Lab: Attacking Path Traversal
Lab: Attacking Path Traversal (Solution)
Mitigation of Broken Access Control
Understanding Security Misconfiguration
Using Dirb to detect Security Misconfiguration Issues
Lab: Security Misconfiguration
Lab: Security Misconfiguration (Solution)
Mitigation of Security Misconfiguration
Types of Cross-Site Scripting
Using Burp to Test for XSS Vulnerabilities
Guided Exercise: Reflected Cross Site Scripting (XSS)
Guided Exercise: Stored XSS - Stealing User Cookie
Guided Exercise: Exploiting Stored XSS Using the Header
Lab: Identifying XSS Vulnerabilities
Lab: Identifying XSS Vulnerabilities (Solution)
Mitigation of Cross-Site Scripting (XSS)
Examples
Searching for Vulnerabilities
Lab: Identifying Web App Vulnerabilities
Lab: Identifying Web App Vulnerabilities (Solution)
Mitigation of using Components with Known Vulnerabilities
Guided Exercise: Identifying Web Application Firewalls
Guided Exercise: Command Execution
Guided Exercise: Attacking a session fixation vulnerability
Guided Exercise: Bypassing client-side controls using the browser
CWPT Mock Exam
Exam Information
CWPT Course Evaluation