Penetration Testing - Web Application Security

This basic training course is designed for QA or penetration testers and teaches the fundamentals of web application security in depth.

The participants will be able to understand complex security-relevant relationships in web applications, identify the most common vulnerabilities and derive basic approaches for establishing sustainable security.

The seminar covers the work of OWASP (Open Web Application Security Project), which is considered to have a significant impact on the future. Vulnerabilities and specifics of web browsers and web applications are discussed thoroughly. Each vulnerability is considered with regard to its most effective verification technique and general countermeasures.

The training includes a variety of practical exercises for which our convenient mobile training environment is used. The participants learn to understand the vulnerabilities by solving tasks at different difficulty levels before discussing them in the group.

The participants are encouraged to use their own laptop with their own preferred working environment and don’t have to adapt to the training environment.

All contents can be adapted specifically to your needs!

Content

  • Basics
    • HTTP
    • Sessions, Cookies, DOM storage
    • Ajax/CORS
    • CSP
    • Cryptography, SSL/TLS
    • HSTS, HPKP
  • Tools
    • Burp, OWASP ZAP, mitmproxy
    • Developer tools + Plugins (Firefox, Chrome)
    • ncat, nmap
    • sslscan, o-saft
    • sqlmap
  • Attacks
    • XSS (reflected, stored, DOM-based)
    • Injection (SQL, LDAP, XML, Code, …)
    • CSRF, Clickjacking
    • JSONP hijacking, CORS misconfiguration
    • XML external entity includes
    • Logical/Semantic Attacks, Phishing
  • Defense
    • network separation
    • Firewalls, WAFs
    • IDS/IPS
    • anti-automation

Target Audience

  • Pentester
  • QA Tester

Duration

2 to 3 days or individually configured

Prerequisites

none

Trainer

Dr. Benjamin Kellermann
Experienced penetration tester and IT security consultant

Maximiliane Zirm
Security consultant and head of the penetration test team

Our training courses are aimed at companies and organisations. A training course can be economical with just three or more participants. The trainings take place at your premises or are organised by us in your desired environment.

Your Contact:

Mirko Richter

Tel.: +49 (351) 465 662-886
mirko.richter@mgm-sp.com
