Hacklabs has rebranded to Pure Security. Please visit our new website at https://www.pure.security for more information.

HackLabs: Web Application Penetration Testing Course

HackLabs: Web Application Penetration Testing (Three day course) is our course offering intensive, hands-on training in Web Application Penetration Testing.

Participants will learn how hackers perform Web Application Attacks and how to remediate common vulnerabilities. Participants will learn how hackers can gain access to an organisations web application and the data they hold.

The intent of this course is to assist organisations in arming front line staff with the approach, the latest tools and techniques that attackers utilise so that they can better secure there organisations applications.

HackLabs are able to indicate the key areas that the team see day in day out as they are performing and researching the latest attack techniques to utilise in penetration testing for our client base, during the work we perform for them.

This course will provide an overview of:

  • Which tools to use,
  • How to use the tools, and
  • The methodology behind security testing.

Course Outline

The course is compromised of the following modules and concludes with a two-hour lab with several applications to explore and compromise. During the training we perform a Hack-a-long so that students can see the examples in action after the instructor has explained the technique and demonstrated it. The Course includes the following sections:

  • Introduction
  • The History of Web Application Vulnerabilities
  • The Problem
  • The Testing Methodology;
  • Recon and analysis
  • Mapping application content
  • Analysing the application
  • Application Logic Testing
  • Testing client-side controls
  • Test for logic flaws
  • Access handling
  • Test authentication
  • Test session management
  • Test access controls
  • Input handling
  • Test for Input-based vulnerabilities: (SQL injection, XSS, command injection and path traversal)
  • Test for Function-specific Input Vulnerabilities
  • Application hosting
  • Test for shared hosting issues
  • Test for Web Server Vulnerabilities
  • Miscellaneous checks

Contact Us