Web Hacking Training

A two-day Web Hacking training course that provides an introduction to web application security. The course is ideal if you want to learn about ethical hacking and penetration testing with a focus on web applications.

This is one of our intermediate-level Web Hacking courses. It forms the Art of Hacking module in combination with our Infrastructure Hacking course and allows you to enter the world of ethical hacking and penetration testing with a focus on web applications.

The course is now available as live online training and can be held for you individually or for your company. Contact us below with your requirements.

Get certified:
Complete the course wherever it suits you, then take an optional exam with Check Point to become a Web Hacking Check Point Certified Pen Testing Expert (CCPE).

Very organised and clearly presented. Great having hands-on experience with individuals ready to assist when help is needed.

Black Hat USA participant

One of the best classes I have taken in a long time. The contest was on-point and kept me engaged. I am new to Cybersecurity after 25 years in App Development and am very pleased with what I have learned.

Black Hat USA participant

Really enjoyed the lab and the walkthroughs, it helped expedite the learning process.

Black Hat USA participant

For security and IT decision-makers

What impact does a training course by Claranet Cyber Security really have on your team?

Start building up skills in your team to protect your systems, reduce the risk of exposure and make your company a less attractive target for attackers. At the end of the course, participants will be able to:

  • Reliably explain the intricacies of the HTTP protocol and know how it can be manipulated to achieve a malicious goal,
  • Understand how to use industry-standard tools like Burp Suite to perform manual penetration testing against web applications,
  • Find and exploit vulnerabilities in web applications, including those that would lead to injection attacks, authorisation and authentication bypasses, malicious file uploads and more,
  • Identify the infrastructure and frameworks underlying a web attack surface,
  • Understand complications related to cryptography and their impact on web applications,
  • Understand how to relate security tests and other offensive and defensive measures to authentic attack vectors.

This is a beginner’s course in web security testing and also a recommended prerequisite for taking our Advanced Web Hacking course. This basic Web Hacking course familiarises participants with the fundamentals and the security aspects of web applications. A range of tools and techniques will be discussed during this two-day course, as well as a systematic approach to the different stages of hacking. If you want to start a career in ethical hacking / pentesting with the right level of knowledge, this is the course for you.

Learning objectives:

  • An introduction to web application hacking
  • Practical focus on teaching how to detect security vulnerabilities in web applications
  • Cover leading industry standards and approaches
  • Establish a foundation for deepening your knowledge and progressing into more advanced web application topics

This course familiarises you with a wealth of tools and techniques required to breach and compromise the security of web applications. The course starts by discussing the very basics of web application concepts, and gradually builds up to a level where you can not only use the tools and techniques to hack various components involved in a web application, but also walk away with a solid understanding of the concepts on which these tools are based. The course will also talk about industry standards such as OWASP Top 10 and PCI DSS, which form a critical part of web application security. Numerous real-life examples will be discussed during the course to help you understand the true impact of these vulnerabilities.

Understanding the HTTP Protocol

  • HTTP Protocol Basics
  • Introduction to Proxy Tools

Information Gathering

  • Enumeration Techniques
  • Understanding Web Attack Surface

Username Enumeration and Faulty Password Reset

  • Attacking Authentication and Faulty Password Mechanisms

Issues with SSL/TLS

  • SSL/TLS misconfiguration

Authorisation Bypass

  • Logical Bypass techniques
  • Session related issues

Cross Site Scripting (XSS)

  • Various types of XSS
  • Session hijacking and other attacks

Cross Site Request Forgery (CSRF)

  • Understanding CSRF attack

SQL Injection

  • SQL Injection types
  • Manual Exploitation

XML External Entity (XXE) Attacks

  • XXE Basics
  • XXE Exploitation

Insecure File Uploads

  • Attacking File Upload functionality

Deserialization Vulnerabilities

  • Serialization Basics
  • PHP Deserialization Attack

Who Should Take This Class?

  • Security enthusiasts
  • Anybody who wishes to make a career in this domain and gain some knowledge of networks and applications
  • Web Developers
  • System Administrators
  • SOC Analysts
  • Network Engineers
  • Pen Testers who want to level up their skills

You will need:

Delegates should bring a laptop with the Windows operating system installed (either natively or running in a VM). Delegates must also have administrative access to perform tasks such as installing software, disabling antivirus, etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets, etc.) will not be supported during the course.
