Web App Penetration Testing and Ethical Hacking (TWAPT)
• Apply a detailed, four-step methodology to your web application penetration tests: reconnaissance, mapping, discovery, and exploitation
• Analyze the results from automated web testing tools to validate findings, determine their business impact, and eliminate false positives
• Manually discover key web application flaws
• Use Python to create testing and exploitation scripts during a penetration test
• Discover and exploit SQL Injection flaws to determine true risk to the victim organization
• Create configurations and test payloads within other web attacks
• Fuzz potential inputs for injection attacks
• Explain the impact of exploitation of web application flaws
• Analyze traffic between the client and the server application using tools such as the Zed Attack Proxy and Burp Suite to find security issues within the client-side application code
• Manually discover and exploit Cross-Site Request Forgery (CSRF) attacks
• Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application
• Perform a complete web penetration test during the Capture-the-Flag exercise to bring techniques and tools together into a comprehensive test

