Advanced Application Testing

Level: Advanced

Instructor-led learning that covers the steps required to conduct an effective application test. Candidates will cover both client-side and server-side attacks. Candidates will take the practical steps to identify vulnerabilities and then utilise them as part of an attack.

What Will You Learn?

  • Advanced Application Testing provides the opportunity to attack an application that has multiple common vulnerabilities.
  • Candidates are taught to leverage the vulnerabilities that are identified to continue an attack such as through session hijacking via cross-site scripting.
  • Server-side vulnerabilities will provide candidates with the chance to deliver payloads directly to a system via inadequate application protections.

Who Should Attend?

Security consultants and practitioners looking to expand their knowledge of conducting application tests and take the next step in their careers. Typical candidates consist of:

  • Penetration Testers
  • Security Analysts
  • Consultants prepping for CHECK Team Leader exams

Recommended Prerequisites

The Advanced Application Testing course provides candidates with an environment to learn new techniques of attack and explore alternatives to methods they currently use. As such, the course assumes that any candidate will be familiar with the tools required to conduct an application test.

It is required that all students are comfortable with whatever testing OS they choose to use and are comfortable with command line interfaces.

Syllabus

Legal Considerations

  • Making sure you stay on the right side of the law
  • UK laws regarding hacking

Site Enumeration

  • Site mapping
  • Understanding authenticated vs unauthenticated access
  • Identification of WAF solutions
  • Encryption implementations

Session Management

  • Understanding user sessions

Injection Vulnerabilities

  • SQL injection attacks against multiple databases
  • Command injection
  • Bypassing injection protection

Cross-Site Scripting

  • Identification of XSS
  • Session Hijacking
  • Bypassing XSS protection

File Include Vulnerabilities

  • Local File Inclusion
  • Remote File Inclusion

File Upload Abuse

  • Web shells
  • Bypassing file upload filters

Client-side Restrictions

  • Identify resources that are not appropriately protected
  • Access resources that are not immediately visible or accessible

Application Management Interfaces

  • Identifying management interfaces
  • Attacking applications via management interfaces