WebApp Security



Table of Contents


During this training, participants will get knowledge and skills of the penetration testing procedure to detect security vulnerabilities in web applications using a combination of manual and automated techniques and methods.

Testing web-application security is not intuitive, and to be useful, you need an understanding of web application design, HTTP, JavaScript, browser behavior, and potentially other technologies.

How to make the most of this course?

In order to succeed in the course, the following requirements must be met:

  • Participation in all practical laboratories
  • Self-work at home between lessons
  • Repetition of materials, self-learning, performing tasks, etc…

In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.

The participant will also need a good personal computer suitable for running virtual machines, with a broadband Internet connection.

Target audience

  • Security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers


Discovering and mitigating website vulnerabilities

  • Using tools to automate your tasks
  • Securing your web app from attacks


  • ThinkCyber Level-2 Courses



In this module, participants will learn advanced techniques for a deeper understanding of penetration testing on a WebApp. Also, how to work correctly in a local proxy environment without having to use a browser that can block us from partnering and not reveal all the information that the site itself shows.

Technical content

  • Advanced Information Gathering
    o Website Spidering and Crawling
    ▪ SpiderFoot
    ▪ Finding Directories Using Curl
    o Revealing Website History
    ▪ WayBack Machine
    ▪ Archive.org
    ▪ Google Cache
    ▪ Shodan CLI Version History
    o Web Page Snapshots
    ▪ Using NMAP Reporting
    ▪ Shodan Website Screenshots
    o Data Extraction and Scrapping
    ▪ Scrapy Framework
    ▪ Apress – Python Module
    ▪ Dirsearch and Wfuzz
  • Advanced Discovery
    o Understanding Advanced Methodologies
    o Crafting Discovery PowerShell Scripts
    o Weaponizing Curl and Wget in Discovery Scripts
    o Using Metasploit Framework Web Modules
    ▪ Advanced Web Scanners
    ▪ WMAP
    o Nmap NSE Scripts
    ▪ HTTP Enumeration Methods
    ▪ HTTP Request Fuzzing
    ▪ DNS Bruting
    ▪ Finding Backups and Dev Comments
    ▪ Proxy Discover and Bruting


This module will teach the participant how to delegate the hacking and testing capabilities of WebApp, explain how to handle the various results received and how to gain remote control of the system with common web attacks

Technical content

  • Advanced Offensive Techniques
    o WebApp Vulnerabilities and Manual Techniques
    ▪ RCE in Various Environments
    ▪ Understanding SQL Injection Techniques Manually
    ▪ Format String Vulnerabilities
    ▪ Cross-Site Scripting (XSS)
    ▪ WordPress Application Testing
    o Information Leakage and Directory Browsing
    ▪ Understanding Steganography and Encryption
    ▪ Error Messages
    ▪ Common HTTP Feature
    ▪ Information Control
  • Top Security Attacks
    o Command Injection
    o Directory traversal
    o Local File Inclusion (LFI)
    o Remote File Inclusion (RFI)
    o File Inclusion to Reverse Shell Techniques
    o Blind SQL Injection
    o The SQL Query to Reverse Shell Techniques


This module will teach the participant how to take the XSS attack and not just to high capabilities such as copying information to remote servers, creating listening, and remote connections using JavaScript language.

Technical content

  • Offensive JavaScript
    o Social Engineering
    ▪ XSS to Remote Server Logging
    ▪ Capture Clicks
    ▪ Keystroke Logging
    ▪ Event Listener
    o Include External JS
    ▪ Using JS
    ▪ Replace the Banner Image
    ▪ Stealing from Auto-Complete
    o CSRF with JS
    ▪ Extracting CSRF Tokens
    ▪ CSRF Token Stealing


The following labs are part of the actual RT423 course:
  • Lab 1 Information Gathering
  • Lab 2 NSE: Web Vulnerabilities
  • Lab 3 Using Scanners
  • Lab 4 XSS
  • Lab 5 RFI and LFI
  • Lab 6 JavaScript Basics
  • Lab 7 JavaScript
  • Lab 8 CSRF

Real cases studies

Case Study #1 (WSB001)
The United States Department of Justice, in cooperation with international partners, managed to discover a network of illegal darknet websites. They suspect that the admin of the websites operates from Korea.
Case Study #2 (WSB003)
Scamming was always a method of getting victims to send private information to the attackers without raising suspicion. A group of web developers managed to find a way of tricking Facebook users into injecting or placing malicious JavaScript into their web browser. Our company managed to retrieve a sample of the script, we need you to analyze it to understand how it operates.

 Course type

This course is delivered in the following ways:

  • Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
  • In situe classroom with proctored labs and scenarios executed in our Cyberium Arena

All sessions are recorded and attendees can replay them  during 30 days. All course material is electronically made available to the participant.

 Course Group: FOUNDATION


 Hands-on / Theory MiX

The following course incorporates a high level of hands-on labs exercises, as well as real life case studies.

1 %
Case Studies


This course prepares the participant to the following certification:

  • OSWE (Offensive Security)

Required EqUIPMENT

Network connection

As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.

BYOD – Bring Your Own Device

As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:

  • Audio and Video
  • 8 GB RAM
  • 200 GB Disk Space
  • Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)

And also a Good Headset with Mic

More Details