ABOUT THE PROGRAM
The course covers the following topics:
DON'T TOUCH THIS TAB
It’s important to improve the accordion’s behaviour
Penetration Testing and Web Applications
- Meet the Web stack
- Proactive security testing vs. hacking
- Automated vs. manual testing
- Code vulnerabilities and severity scoring
Environment Setup
- To Kali or not to Kali
- Tools of the trade
- Deliberately vulnerable applications and servers
Profiling the web server
- Scanning for open ports
- Fingerprinting the application stack
- Enumerating files, directories, and other resources
- Scanning for known application vulnerabilities
- Avoiding detection while profiling
Datastore Injections
- Error-based datastore information retrieval
- Union-based manual SQL injections
- Exploiting build-in functions
- Reading and writing files with union injections
- Generating Web shells and full shells
- Blind Boolean injections
- Blind time-based injections
- Bonus: Schema-less injections?!
Don't touch this tab
ABOUT CYBERPRO
About CYBERPRO was founded in cooperation with international information security and instruction authorities who bring to Israel world-leading cyber training technologies and a learning experience of the highest standard available today.
The partners include the IITC group which has been training graduates for the high tech industry for over 20 years, and was selected as the training center for the Cisco Company in Israel.
CYBERPRO’s advanced, sought-after training courses in the areas of infrastructures, information security and cyber are world famous. These training courses were developed by some of the best cyber experts in the world, for international security organizations that emphasize the high training capabilities, the professional learning methods and the unique training and practice technologies. Our connection with international groups allows our students to be exposed to unique employment opportunities in Israel and abroad.
The training and learning tracks are all based much hands-on practice and preparation for the industry and profession requirements, so they include technological labs and practice sessions using one of the most advanced simulators in the world.
COURSE INFO
Target audience
- Server-side and client-side Web application developers
- Analysts
- IT specialists
- Incident Response Teams
Prerequisites
- Advanced knowledge of Web technologies (server code , SQL, JavaScript, HTML)
- Server-side programing
- Familiarity with Windows and Linux operating systems is advantageous
- Familiarity with TCP/IP protocols is advantageous
Skills Gained
- Performing penetration testing
- Using he tools of the trade
- SQL injections
- Advanced web server profiling