SEMAFOR-CONSEIL
Your Cybersecurity Compass
Menu
/ Cybersecurity Architect, Cybersecurity Engineer, Learning, Offense, Penetration Tester, Web Security / By

WebApp Security

Advanced

RT423

Table of Contents

Description

During this training, participants will get knowledge and skills of the penetration testing procedure to detect security vulnerabilities in web applications using a combination of manual and automated techniques and methods.

Testing web-application security is not intuitive, and to be useful, you need an understanding of web application design, HTTP, JavaScript, browser behavior, and potentially other technologies.

How to make the most of this course?

In order to succeed in the course, the following requirements must be met:

  • Participation in all practical laboratories
  • Self-work at home between lessons
  • Repetition of materials, self-learning, performing tasks, etc…

In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.

The participant will also need a good personal computer suitable for running virtual machines, with a broadband Internet connection.

Target audience

  • Security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers

Objectives

Discovering and mitigating website vulnerabilities

  • Using tools to automate your tasks
  • Securing your web app from attacks

Pre-requisites

  • ThinkCyber Level-2 Courses

Syllabus

Description

In this module, participants will learn advanced techniques for a deeper understanding of penetration testing on a WebApp. Also, how to work correctly in a local proxy environment without having to use a browser that can block us from partnering and not reveal all the information that the site itself shows.

Technical content

  • Advanced Information Gathering
    o Website Spidering and Crawling
    ▪ SpiderFoot
    ▪ Finding Directories Using Curl
    o Revealing Website History
    ▪ WayBack Machine
    ▪ Archive.org
    ▪ Google Cache
    ▪ Shodan CLI Version History
    o Web Page Snapshots
    ▪ Using NMAP Reporting
    ▪ Shodan Website Screenshots
    o Data Extraction and Scrapping
    ▪ Scrapy Framework
    ▪ Apress – Python Module
    ▪ Dirsearch and Wfuzz
  • Advanced Discovery
    o Understanding Advanced Methodologies
    o Crafting Discovery PowerShell Scripts
    o Weaponizing Curl and Wget in Discovery Scripts
    o Using Metasploit Framework Web Modules
    ▪ Advanced Web Scanners
    ▪ WMAP
    o Nmap NSE Scripts
    ▪ HTTP Enumeration Methods
    ▪ HTTP Request Fuzzing
    ▪ DNS Bruting
    ▪ Finding Backups and Dev Comments
    ▪ Proxy Discover and Bruting

Description

This module will teach the participant how to delegate the hacking and testing capabilities of WebApp, explain how to handle the various results received and how to gain remote control of the system with common web attacks

Technical content

  • Advanced Offensive Techniques
    o WebApp Vulnerabilities and Manual Techniques
    ▪ RCE in Various Environments
    ▪ Understanding SQL Injection Techniques Manually
    ▪ Format String Vulnerabilities
    ▪ Cross-Site Scripting (XSS)
    ▪ WordPress Application Testing
    o Information Leakage and Directory Browsing
    ▪ Understanding Steganography and Encryption
    ▪ Error Messages
    ▪ Common HTTP Feature
    ▪ Information Control
  • Top Security Attacks
    o Command Injection
    o Directory traversal
    o Local File Inclusion (LFI)
    o Remote File Inclusion (RFI)
    o File Inclusion to Reverse Shell Techniques
    o Blind SQL Injection
    o The SQL Query to Reverse Shell Techniques

Description

This module will teach the participant how to take the XSS attack and not just to high capabilities such as copying information to remote servers, creating listening, and remote connections using JavaScript language.

Technical content

  • Offensive JavaScript
    o Social Engineering
    ▪ XSS to Remote Server Logging
    ▪ Capture Clicks
    ▪ Keystroke Logging
    ▪ Event Listener
    o Include External JS
    ▪ Using JS
    ▪ Replace the Banner Image
    ▪ Stealing from Auto-Complete
    o CSRF with JS
    ▪ Extracting CSRF Tokens
    ▪ CSRF Token Stealing

Labs

The following labs are part of the actual RT423 course:
  • Lab 1 Information Gathering
  • Lab 2 NSE: Web Vulnerabilities
  • Lab 3 Using Scanners
  • Lab 4 XSS
  • Lab 5 RFI and LFI
  • Lab 6 JavaScript Basics
  • Lab 7 JavaScript
  • Lab 8 CSRF

Real cases studies

Case Study #1 (WSB001)
The United States Department of Justice, in cooperation with international partners, managed to discover a network of illegal darknet websites. They suspect that the admin of the websites operates from Korea.
Reference
Case Study #3 (WSB002)
Recently, a group of hackers managed to hack into the U.S. property and demographic database, and exposed this way 200 million records to the public eye. Following these events, the U.S. government had published a public bounty offer on the hacker group's identity. Use your penetration testing skills to find the attackers and seize the stolen information.
Reference
Case Study #2 (WSB003)
Scamming was always a method of getting victims to send private information to the attackers without raising suspicion. A group of web developers managed to find a way of tricking Facebook users into injecting or placing malicious JavaScript into their web browser. Our company managed to retrieve a sample of the script, we need you to analyze it to understand how it operates.
Reference
Case Study #4 (WSB004)
A company named Emsisoft identified ransomware written in JavaScript that infects and locks a variety of OS, such as Windows, Linux, and macOS. In short, the malware is so efficient that at the same time, the malware can modify and distribute by just changing the Bitcoin address. The company decided to attempt and find a counter-attack for this ransomware, analyze the given malware, and find a way to disable it.
Reference
Case Study #5 (WSB005)
With the Corona outbreak came a need for a stable and private online platform for meetings and progress presentations. A vast amount of companies migrated to Zoom for this reason. While having a meeting, one of the companies noticed that an unknown user had joined the chat. Now, they are seeking your help to solve the problem.
Reference
Previous slide
Next slide
Join a session

 Course type

This course is delivered in the following ways:

  • Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
  • In situe classroom with proctored labs and scenarios executed in our Cyberium Arena

All sessions are recorded and attendees can replay them  during 30 days. All course material is electronically made available to the participant.

 Course Group: FOUNDATION

LEVEL
0%
HOURS
1

 Hands-on / Theory MiX

The following course incorporates a high level of hands-on labs exercises, as well as real life case studies.

Hands-on
1 %
Labs
1
Case Studies
1

Certification

This course prepares the participant to the following certification:

  • GWEB (SANS)
  • OSWE (Offensive Security)

Required EqUIPMENT

Network connection

As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.

BYOD – Bring Your Own Device

As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:

  • Audio and Video
  • 8 GB RAM
  • 200 GB Disk Space
  • Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)

And also a Good Headset with Mic

More Details

Subscribe

Join a session
SEMAFOR-CONSEIL
Privacy Policy
Contact