Web Hacking Training

New 2020 Edition
A 2-day web hacking training class that provides an entry-level introduction to Web Application Security. It is ideal if you want to learn ethical hacking and penetration testing with a focus on web applications.

One of our intermediate-level web hacking courses. When combined with our Infrastructure Hacking course, it forms the Art of Hacking module. It lets you step into the world of ethical hacking and penetration testing with a focus on web applications.

The course is available directly from Claranet Cyber Security or you can book through one of our partners. The course is now available as live, online training and can be delivered for you individually or for your company. Contact us below with your requirements.

Get certified:
Complete the course wherever it suits you and afterwards you can take an optional exam with Check Point and become a Web Hacking Check Point Certified Pen Testing Expert (CCPE).

Very organised and clearly presented. Great having hands-on experience with individuals ready to assist when help is needed.

Delegate, Black Hat USA 2016

One of the best classes I have taken in a long time. The contest was on-point and kept me engaged. I am new to Cybersecurity after 25 years in App Development and am very pleased with what I have learned.

Delegate, Black Hat USA 2016

Really enjoyed the lab and the walkthroughs, it helped expedite the learning process.

Delegate, Black Hat USA 2016

For security and IT decision makers

What’s the real impact of training your team through Claranet Cyber Security?

Start to build the skills within your team to harden your perimeter, lower the risk of compromise, and make your organisation a less attractive target for attackers. Trained delegates can:

  • Confidently articulate the intricacies of the HTTP protocol and how it can be manipulated to achieve a malicious goal.
  • Understand how to use industry-standard tools, such as Burp Suite, to perform manual penetration testing against web applications.
  • Find and exploit vulnerabilities in web applications, including those that would lead to injection attacks, authentication and authorisation bypass, malicious file uploads, and more.
  • Identify the infrastructure and frameworks underlying a web attack surface.
  • Understand complications related to cryptography and the effect on web applications.
  • Understand how to tie security testing and other offensive and defensive measures back to authentic attack vectors.

This is an entry-level web application security testing course and a recommended pre-requisite before enrolling for our “Advanced Web Hacking” course. This foundation “Web Hacking” course familiarises attendees with the basics of web applications and web application security concerns. A number of tools and techniques, backed up by a systematic approach to the various phases of hacking, will be discussed during this 2-day course. If you would like to step into a career in Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you.

Learning objectives

  • An introduction to web application hacking
  • Practical in focus, it teaches how web application security flaws are discovered
  • It covers leading industry standards and approaches
  • Builds the foundation to progress your knowledge and move into more advanced Web Application topics

This course familiarises the attendees with a wealth of tools and techniques required to breach and compromise the security of web applications. The course starts by discussing the very basics of web application concepts, and gradually builds up to a level where attendees can not only use the tools and techniques to hack various components involved in a web application, but also walk away with a solid understanding of the concepts on which these tools are based. The course will also talk about industry standards such as OWASP Top 10 and PCI DSS, which form a critical part of web application security. Numerous real-life examples will be discussed during the course to help the attendees understand the true impact of these vulnerabilities.

Understanding the HTTP Protocol

  • HTTP Protocol Basics
  • Introduction to Proxy Tools

Information Gathering

  • Enumeration Techniques
  • Understanding Web Attack Surface

Username Enumeration and Faulty Password Reset

  • Attacking Authentication and Faulty Password Mechanisms

Issues with SSL/TLS

  • SSL/TLS misconfiguration

Authorisation Bypass

  • Logical Bypass techniques
  • Session related issues

Cross Site Scripting (XSS)

  • Various types of XSS
  • Session hijacking and other attacks

Cross Site Request Forgery (CSRF)

  • Understanding CSRF attack

SQL Injection

  • SQL Injection types
  • Manual Exploitation

XML External Entity (XXE) Attacks

  • XXE Basics
  • XXE Exploitation

Insecure File Uploads

  • Attacking File Upload functionality

Deserialization Vulnerabilities

  • Serialization Basics
  • PHP Deserialization Attack

Who should attend

Security enthusiasts, anybody who wishes to make a career in this domain and has some knowledge of networks and applications, System Administrators, Web Developers, SOC analysts, Network Engineers, and Pen Testers who want to take their skills to the next level.

Student requirements

Delegates should bring their laptop with a Windows Operating System installed (either natively or running in a VM). Further, delegates must have administrative access to perform tasks such as installing software, disabling antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) will not be supported during the course.

Other courses to further your knowledge

Lab-based training - written by Black Hat trainers.

These classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure or web applications as a day job and wish to add to their existing skill set.

Enquire about your training

We provide training directly (live, online or in person) and also work with a range of training partners in different locations around the globe for classroom or live, online training. Please contact us with details of your requirement and we will recommend the best route to access our amazing training.

The course can also be booked directly through our accredited training partners.

Our accreditations and partnerships

ISO 9001 accredited
ISO 14001 accredited
ISO 22301 accredited
ISO 27001 accredited
ISO 27017 accredited