EC-Council Web Application Hacking and Security (WAHS)


Description
Web Application Hacking and Security has challenges derived from the iLab environments of EC-Council, from Certified Ethical Hacker (C|EH) to Certified Penetration Testing Professional (C|PENT), and from Certified Application Security Engineer (C|ASE) .NET to Java. Web Application Hacking and Security goes beyond this to more difficult scenarios as you advance through each problem. It is like a Capture-The-Flag (CTF) competition meant to test your hacking skills, but you can keep trying until you achieve the goal. Test your skills and work alone to solve complex problems, or follow the instructor as he does walkthroughs to help you learn Web Application Hacking and Security.
Target group
- Pentesters / Red Teamers
- Web security auditors
- Security-conscious Web developers
- Vulnerability analysts / SOC
- Application security managers
- Students or professionals preparing for CEH, CPENT or CASE
Program
- Duration: 5 days
Modules and techniques covered:
- Advanced Web Pentest
- SQL injection (SQLi) - advanced
- XSS (Reflected, Stored, DOM)
- CSRF (GET & POST)
- SSRF (Server Side Request Forgery)
- Insecure Direct Object Reference (IDOR)
- Server misconfigurations
- Directory Brute Forcing
- Arbitrary File Upload / Download
- Remote / Local File Inclusion (RFI / LFI)
- Command Injection / Remote Code Execution
- Auth Bypass, Broken Access Control
- Session Fixation, Cookie Forgery, Clickjacking
- HTTP Header Modification, Log Poisoning
- CMS Vulnerability Scanning (WordPress, Joomla...)
Goal
- Advanced web penetration testing (white-box & black-box).
- Exploitation of OWASP Top 10 vulnerabilities: XSS, SQLi, CSRF, SSRF, IDOR, RFI/LFI.
- Security analysis of CMS, third-party components and server configurations.
- Detection and exploitation of complex logical flaws (auth bypass, privilege escalation).
- Handling cookies, HTTP headers, sessions and insecure channels.
- Use of scanning, fuzzing and injection tools and scripts.
Recommended
- Basic knowledge of HTTP, HTML, JS and SQL
- Knowledge of Linux and virtualisation environments
- Using a proxy (Burp Suite)
- Experience in scripting (Python, Bash, PHP...) recommended
- Language: English
- Certification body: EC-Council
- Certification: Yes
- Accessibility: Yes
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).