Web Application Penetration Testing: Web Fingerprinting and Enumeration | INE

The Web Application Penetration Testing course provides all the advanced skills necessary to carry out a thorough and professional penetration test against modern web applications. The Penetration Testing Process is among the first topics you will come across, helping you gain confidence with the processes and legal matters involved in a penetration testing engagement. You will learn methodologies and the best practice for reporting in order to become a confident and professional penetration tester. and understand the basics of web applications. In-depth coverage of the Same Origin Policy, encoding, HTTP Protocol and cookies will prove useful for the rest of the training course. Burp and ZAP proxies are also covered at this point. Then a multitude of techniques are presented to collect behavioral, functional, applicative, and infrastructural information. Information gathering is of paramount importance during web app penetration tests. The most widespread web application vulnerabilities will be covered in depth (including how to mitigate them). Specifically, XSS (reflected, stored, DOM), SQLi (In-band, Error-based, Blind), NoSQL attacks, CSRF, path traversal, local file inclusion, remote file inclusion, arbitrary file upload, HTTP response splitting and many other will be covered. Authentication, authorization, Session, Flash and HTML5 attacks are also covered in detail. Finally, this course covers how to perform penetration tests against turnkey CMS solutions and web services (XML-RPC, JSON-RPC, SOAP, RESTful, WSDL, SOAPAction spoofing, etc.)

This course is part of the Web Application Penetration Testing Professional Learning path which prepares you for the eWPT exam and certification




If any links die or problem unrar, send request to