This two-day course has enough theory to ensure you understand what you are trying to achieve, but with a heavy focus on practical exercises. Students should expect lots of hands-on hacking with some of the finest hackers in the industry!
COURSE TOPICS
- The fundamentals - setting the foundation. Testing basics, tools of the trade, HTTP, and related technology introduction.
- Know your enemy - reconnaissance, enumeration, and landscape discovery.
- Breaking bad - the application series:
- SQL injection on various platforms - how to really pwn databases
- XML and XML entity injection
- XPath and LDap injection
- Cross-site scripting (reflective, persistent, and DOM based) - this is not the pop-up you are interested in
- Attacking web services (XML, JSON)
- Client side technologies such as Flash, Silverlight, and ActiveX
This course is ideally suited to those wishing to learn how to test web applications for vulnerabilities or to those experienced infrastructure pentesters that want to expand their skill set into web applications. This course is about tearing apart applications and understanding how attackers are breaching corporate deployments.
Students need to ensure they have the necessary level of skill. No hacking experience is required for this course, but a solid technical grounding is an absolute must. This includes basic Linux operating system knowledge, a basic understanding of web applications, and networking fundamentals.
All course materials, code, and tools will be supplied.
All SensePost trainers are active penetration testers who own networks, applications, mobiles and humans on a daily basis.
