OBJECTIVES

At the end of the course, employees will be able to:


  • Apply a detailed, four-step methodology to web application penetration tests: reconnaissance, mapping, discovery, and exploitation

  • Analyze the results from automated web testing tools to validate findings, determine their business impact, and eliminate false positives

  • Manually discover key web application flaws

  • Use Python to create testing and exploitation scripts during a penetration test

  • Discover and exploit SQL Injection flaws to determine true risk to the victim organization

  • Create configurations and test payloads within other web attacks

  • Fuzz potential inputs for injection attacks

  • Explain the impact of exploitation of web application flaws

  • Analyze traffic between the client and the server application using tools such as the Zed Attack Proxy and Burp Suite to find security issues within the client-side application code

  • Manually discover and exploit Cross-Site Request Forgery (CSRF) attacks

  • Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application

  • Perform a complete web penetration test during the Capture-the-Flag exercise to bring techniques and tools together into a comprehensive test

PROGRAMME
  • Introduction and Information Gathering

  • Content Discovery, Authentication, and Session Testing

  • Injection and XXE

  • XXE

  • CSRF, Logic Flaws, and Advanced Tools

  • Capture the Flag

PEDAGOGY

METHODOLOGY

Laptop Required


EVALUATION



DELIVERABLES

Training certificate


INSTRUCTOR

SANS INSTITUTE

Building Titan VI Zone Galaxy Andraharo 101 Antananarivo Madagascar

axian.university@axian-group.com
