Leader in the cybersecurity training sector.

EC-Council Web Application Hacking and Security (WAHS) 

Satisfaction rate: 4.8
Success rate: 4.9

Description

Web Application Hacking and Security has challenges derived from the iLab environments of EC-Council, from Certified Ethical Hacker (C|EH) to Certified Penetration Testing Professional (C|PENT), and from Certified Application Security Engineer (C|ASE) .Net to Java. But Web Application Hacking and Security goes beyond this to more difficult scenarios as you advance through each problem. It is like a Capture-The-Flag (CTF) competition meant to test your hacking skills, but you can keep on trying until you achieve the goal. Test your skills and work alone to solve complex problems, or follow the instructor as he does walkthroughs to help you learn Web Application Hacking and Security.

Target group

  • Pentesters / Red Teamers 
  • Web security auditors 
  • Security-conscious Web developers 
  • Vulnerability analysts / SOC 
  • Application security managers 
  • Students or professionals preparing for CEH, CPENT or CASE 

Program

Modules and techniques covered:

  • Advanced Web Pentest 
  • SQL injection (SQLi) - advanced 
  • XSS (Reflected, Stored, DOM) 
  • CSRF (GET & POST) 
  • SSRF (Server Side Request Forgery) 
  • Insecure Direct Object Reference (IDOR) 
  • Server misconfigurations 
  • Directory Brute Forcing 
  • Arbitrary File Upload / Download 
  • Remote / Local File Inclusion (RFI / LFI) 
  • Command Injection / Remote Code Execution 
  • Auth Bypass, Broken Access Control 
  • Session Fixation, Cookie Forgery, Clickjacking 
  • HTTP Header Modification, Log Poisoning 
  • CMS Vulnerability Scanning (WordPress, Joomla...) 

Goal

  • Advanced web penetration testing (white-box & black-box). 
  • Exploitation of OWASP Top 10 vulnerabilities: XSS, SQLi, CSRF, SSRF, IDOR, RFI/LFI. 
  • Security analysis of CMS, third-party components and server configurations. 
  • Detection and exploitation of complex logical flaws (auth bypass, privilege escalation). 
  • Handling cookies, HTTP headers, sessions and insecure channels. 
  • Use of scanning, fuzzing and injection tools and scripts. 

Recommended

  • Basic knowledge of HTTP, HTML, JS and SQL 
  • Knowledge of Linux and virtualisation environments 
  • Using a proxy (Burp Suite) 
  • Experience in scripting (Python, Bash, PHP...) recommended 

Important information:

Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).
