Topic / Sector
PenTesting, Applied Security
DAY 1 OUT OF 2 DAYS TRAINING COURSE
This course will teach you how to analyse web applications for vulnerabilities and exploit them. SensePost has been conducting penetration tests against web applications for nearly two decades and has distilled their approach into this course. Providing a thorough and scientific approach, techniques to maximise coverage of an application will be taught.
Whether you're a developer looking to better understand how to defend your applications or a penetration tester looking to enhance your web application bug hunting, this course is for you.
No equipment other than a laptop is needed. Some of the topics covered include:
- Introduction to web technologies.
- Cookies and Session Management.
- Introduction to Web Vulnerabilities.
- Client and Server Side Attacks.
- Indirect Object References.
- Path traversal.
- Insecure file upload and file inclusion.
- XSS/CSRF, DOM Injections and Cache Attacks.
- QL Injection.
- Java Deserialisation.
- APIs, Microservices and Widgets.
- WebAssembly Vulnerabilities.