This is a 2 day advanced web security training for system engineers, developers and security enthusiasts who want to learn to assess web applications and web servers.
The focus here is on both attacking and defending techniques. All the exercises are performed on our famous bWAPP web security testing framework.
Students will detect and exploit web vulnerabilities like SQL and HTML injections, authentication and session issues, XSS, CSRF, file inclusions, Heartbleed, Shellshock, Drupageddon, POODLE, ClickJacking, etc. Detection and exploitation are done using manual procedures as well as using open source tools and commercial web scanners!
After completing our training course, students should possess the ability to assess web applications and web servers for security vulnerabilities. Additionally, they should be able to harden web servers, identify insecure code, and write a false-positive-free audit report.
We focus on methodologies and procedures, and not solely on software tools. This approach, combined with our realistic hands-on labs, sets MME's courses apart from others!
This training is on demand, and can be organized on-site at your preferred location, or online through our MME CyberClass, this starting from 5 students.
- Introduction to Web Applications
- Pentesting and Methodologies
- OWASP and the Top 10 Risks
- Writing User-Friendly Reports
- Active/Passive Reconnaissance
- Vulnerabilities and Exploitation
- Post-Exploitation and Webshells
- Local Privilege Escalations
- Advanced Vulnerability Detection
- Intercepting Proxies
- Web Application Scanners
- Writing Secure Code
- Web Server Hardening
- Web Application Firewalls
- Your own laptop is required (!)
- Windows (pref), OS X or Linux
- Administrator privileges
- Ethernet and USB interface
- Ability to disable AV and IPS
- VMware Player/Fusion installed
- Strong interest in web security
- No coding knowledge required
To request a price quote or for more info, please fill out the form below.