Web Penetration Testing Training in Novato

Enroll in or hire us to teach our Web Penetration Testing class in Novato, California by calling us at 303.377.6176. Like all HSG classes, Web Penetration Testing may be offered either onsite or via instructor-led virtual training. Consider looking at our public training schedule to see if it is scheduled: Public Training Classes
Provided there are enough attendees, Web Penetration Testing may be taught at one of our local training facilities.
We offer private customized training for groups of 3 or more attendees.

Course Description

 
This course provides students with a solid foundation in penetration testing as it applies to web applications. It is intended for those looking to learn how to perform a penetration test against web applications and present findings to a customer or employer in a professional manner.
Course Length: 2 Days
Course Tuition: $690 (US)

Prerequisites

Basic understanding of web development concepts. Some development experience is suggested.

Course Outline

 
Penetration Testing and Setup
Web application Penetration Testing concepts
Penetration Testing methodology
 
Reconnaissance
Reconnaissance objectives
Initial research
  Company website
  Web history sources
  Regional Internet Registries (RIRs)
  Electronic Data Gathering, Analysis, and Retrieval (EDGAR)
  Social media resources
  Trust
  Job postings
  Location
  Google hacking
  Google Hacking Database
Researching networks
 
Server Side Attacks
Vulnerability Assessment
Exploitation
Exploiting e-mail systems
Brute-force attacks
Cracking passwords
Man-in-the-middle
 
Client-side Attacks
Social engineering 
Social Engineering Toolkit (SET)
MitM Proxy
Host scanning
Obtaining and cracking user passwords
Password Cracking Tools
 
Attacking Authentication
Attacking session management
Hijacking web session cookies
Web session tools
SQL Injection 
Cross-site scripting (XSS)
Testing cross-site scripting
XSS cookie stealing / Authentication hijacking
Other tools
 
Web Attacks
Browser Exploitation Framework – BeEF 
FoxyProxy – Firefox plugin 
BURP Proxy
OWASP – ZAP
SET password harvesting 
Fimap
Denial of Service (DoS)
Low Orbit Ion Cannon
Other tools
 
Defensive Countermeasures
Testing your defenses
Mirror your environment
Man-in-the-middle defense
Denial of Service defense
Cookie defense
Clickjacking defense
Digital forensics
 
Penetration Test Executive Report
Compliance
Industry standards
Professional services
Documentation
Report format
Statement of Work (SOW)
