NTC Network Training Center
tel +66(0) 2634 7993-4

Web Application Security Essentials

 
Duration: 5 Days (Instructor-Led Training)
 
This curriculum is intended for professionals tasked with implementing, managing, or protecting Web applications. It is principally well-suited to application security analysts, developers, application architects, pen testers, auditors who are interested in recommending proper mitigations for web security issues, and infrastructure security professionals who have an interest in better defending their web applications.
 
The class will also cover additional issues the authors have found to be important in their day-to-day web application development practices. The topics that will be covered include:
 
 
COURSE OBJECTIVES
 
(1) HTTP and HTTPS Basics: These protocols are the foundation of communication for web apps, and understanding the various requests, responses, and status codes is fundamental to the course. We also examine packet structure and how packets can be manipulated by attackers.
 
(2) Why Sites Get Hacked: Sites get hacked for a number of reasons. The main ones are that websites provide a large attack surface and that the technologies they run on are subject to common vulnerabilities such as SQLI, XSS, LFI, and RFI. These attack vectors are discussed in greater detail later in the course.
 
(3) Hacker Methodology: The steps followed by an attacker, which consist of footprinting, scanning, enumeration, gaining access, maintaining access, and covering one's tracks. A host of essential tools are presented throughout the course that should be in every pentester's toolbox. Manual and automated approaches are presented for each type of process.
 
(4) SQLI: Structured query language injection is a common exploit that takes advantage of improperly-filtered user input. Escape characters such as single and double quotes can then be inserted or "injected" into URL query strings to form basic SQL queries. Such queries can be used to dump a database, modify or delete individual tables, or even the entire database!
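The "improperly-filtered user input" described above comes down to how the query is built. The following is an added example, not course material: a string-assembled query beside a parameterized one, run against a constructed in-memory SQLite table so it can be executed offline. The table contents and the probe string are made up for the demonstration.

```python
"""Added example (not from the course page): why building SQL from raw
input fails and why bound parameters do not. Uses a constructed SQLite
database so it runs stand-alone."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data; an in-memory database so the example is self-contained.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Vulnerable pattern: the value is pasted into the statement text, so a
    # single quote inside `name` terminates the literal and whatever follows
    # is parsed as SQL. This is the "escape character" problem the text describes.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Hardened pattern: the driver sends the statement and the value separately.
    # Quotes in `name` are matched as data against the column, never parsed as SQL.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed probe: a quote to close the literal plus an always-true clause.
PROBE = "x' OR '1'='1"


def compare(conn: sqlite3.Connection) -> dict:
    # Returns how many rows each variant leaks for the same input.
    return {
        "unsafe_rows": len(lookup_unsafe(conn, PROBE)),  # whole table
        "safe_rows": len(lookup_safe(conn, PROBE)),      # no user is literally named that
        "safe_exact": lookup_safe(conn, "bob"),          # normal lookups still work
    }


if __name__ == "__main__":
    print(compare(make_db()))
```

The fix is to keep data out of the statement text: bound parameters, or an ORM that binds for you. Escaping quotes by hand is fragile because the rules differ per database and per context, which is exactly what the filter-bypass labs later in the outline exercise.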
 
(5) XSS: Cross site scripting takes advantage of a client-side vulnerability that allows an attacker to inject code that can execute malicious scripts. Like SQLI, it exploits improperly-filtered user input. The malicious scripts can hijack session cookies and tokens as well as steal other sensitive information from a compromised site.
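The outline's "HTML Injection in Tag Parameters" and "Bypass Filters Cgi.Escape" items both come down to output encoding that is right for one HTML context but wrong for another. This added example (not from the course) shows an escaper that handles only `&`, `<` and `>`, which is what Python's old `cgi.escape` did by default, beside `html.escape` with quotes encoded, and uses the standard-library HTML parser to check which attributes actually end up on the element. The input value is constructed for the demonstration.

```python
"""Added example (not from the course page): text-context escaping is not
attribute-context escaping. Uses only the Python standard library."""
import html
from html.parser import HTMLParser


def escape_text_only(s: str) -> str:
    # Mirrors the default behaviour of the old cgi.escape: quotes are left alone.
    # Adequate between tags, inadequate inside a quoted attribute value.
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def escape_attr(s: str) -> str:
    # html.escape with quote=True also encodes " and ', so user data cannot
    # close the attribute it is placed in.
    return html.escape(s, quote=True)


def render_input(value: str, escaper) -> str:
    # A server-side template placing user data inside a double-quoted attribute.
    return f'<input type="text" name="q" value="{escaper(value)}">'


class InputAttrCollector(HTMLParser):
    """Records the attribute names the browser-side parser would see on <input>."""

    def __init__(self) -> None:
        super().__init__()
        self.attr_names: list = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "input":
            self.attr_names.extend(name for name, _ in attrs)


def input_attribute_names(markup: str) -> list:
    parser = InputAttrCollector()
    parser.feed(markup)
    return parser.attr_names


def has_event_handler(markup: str) -> bool:
    # Defender's check: any on* attribute on the rendered element means user
    # data escaped the value context and became markup.
    return any(name.startswith("on") for name in input_attribute_names(markup))


# Constructed value: a closing quote followed by an event-handler attribute.
SAMPLE = '" onfocus="x'


if __name__ == "__main__":
    for escaper in (escape_text_only, escape_attr):
        out = render_input(SAMPLE, escaper)
        print(escaper.__name__, has_event_handler(out), out)
```

Use the encoder that matches the insertion point (text node, attribute value, URL, JavaScript string), and let the template engine do it automatically where possible; a single generic "filter" is what the bypass labs on Day 2 are designed to defeat.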
 
(6) LFI and RFI: Local file inclusion and remote file inclusion, respectively, are attacks where malicious files are installed on a vulnerable server. One (LFI) performs the exploit locally on the host and the other (RFI) uploads them remotely. Common exploits of this type are backdoors, key loggers, malware distribution, and bots.
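The Day 5 items (directory prepends, appended extensions, null byte injection, remote URLs) are all ways a page-selection parameter escapes the directory it was meant to stay in. This added example (not from the course) is the defensive side: a resolver that only accepts a known page name, and, as defence in depth, resolves the real path and refuses anything that lands outside the include directory, carries a null byte, or names a remote resource. The directory layout is constructed in a temporary folder so the code runs stand-alone.

```python
"""Added example (not from the course page): resolving a user-supplied page
name into an include path without letting it escape the include directory."""
import os
import tempfile

ALLOWED_EXT = ".php"
KNOWN_PAGES = frozenset({"home", "about"})  # constructed allowlist


class UnsafeInclude(ValueError):
    """Raised for any request that must not reach the include call."""


def resolve_include(base_dir: str, requested: str) -> str:
    # 1. Allowlist first: the cheapest and strongest check.
    if requested not in KNOWN_PAGES:
        raise UnsafeInclude("unknown page name")
    # 2. Defence in depth for the day the allowlist is loosened:
    if "\x00" in requested:
        raise UnsafeInclude("null byte in page name")
    if "://" in requested:
        raise UnsafeInclude("remote resource or stream wrapper")
    base = os.path.realpath(base_dir)
    # Extension is appended by the server, never supplied by the client.
    candidate = os.path.realpath(os.path.join(base, requested + ALLOWED_EXT))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeInclude("path escapes include directory")
    if not os.path.isfile(candidate):
        raise UnsafeInclude("no such page")
    return candidate


def is_safe_include(base_dir: str, requested: str) -> bool:
    # Convenience wrapper so callers (and tests) get a boolean verdict.
    try:
        resolve_include(base_dir, requested)
        return True
    except (UnsafeInclude, ValueError):
        # os.path functions raise ValueError on embedded null bytes too.
        return False


def build_fixture() -> tuple:
    # Constructed layout: <root>/pages/{home,about}.php and a file outside pages/.
    root = tempfile.mkdtemp(prefix="lfi-demo-")
    pages = os.path.join(root, "pages")
    os.mkdir(pages)
    for name in KNOWN_PAGES:
        with open(os.path.join(pages, name + ALLOWED_EXT), "w") as fh:
            fh.write("<?php // constructed placeholder page\n")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("constructed data that must never be included\n")
    return root, pages


if __name__ == "__main__":
    _, pages_dir = build_fixture()
    for req in ("about", "../secret.txt", "about\x00", "http://example.invalid/x"):
        print(repr(req), is_safe_include(pages_dir, req))
```

The allowlist check alone defeats every variant in the outline; the remaining checks exist so that a later "just let users pick any file under pages/" change does not silently reopen the hole.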
 
(7) Reporting Best Practices: This is what sets straight-up hackers apart from the professionals. Presenting well-written testing plans up front to a client heads off any confusion and ill-will that may result from pentesting. A final report upon the completion of testing details what was done, what vulnerabilities were discovered, and recommendations for how to resolve any vulnerabilities that were found during testing.
 
 
COURSE OUTLINE
 
DAY 1
  • Course Introduction 
  • HTTP Basics 
  • Netcat Lab for HTTP 1.1 and 1.0 
  • HTTP Methods and Verb Tampering 
  • HTTP Method Testing with Nmap and Metasploit 
  • HTTP Verb Tampering Demo 
  • HTTP Verb Tampering Lab Exercise 
  • HTTP Basic Authentication 
  • Attacking HTTP Basic Authentication with Nmap and Metasploit 
  • HTTP Digest Authentication RFC 2069 
  • HTTP Digest Auth Hashing (RFC 2069) 
  • HTTP Digest Authentication (RFC 2617) 
  • HTTP Statelessness and Cookies 
  • Session ID 
  • LAB EXERCISES 
  • RECAP
 
DAY 2
  • SSL - Transport Layer Protection 
  • SSL MITM using Proxies 
  • File Extraction from HTTP Traffic 
  • HTML Injection Basics 
  • HTML Injection in Tag Parameters 
  • HTML Injection using 3rd Party Data Source 
  • HTML Injection - Bypass Filters Cgi.Escape 
  • Command Injection 
  • Command Injection - Filters 
  • Web to Shell on the Server 
  • Web Shell: PHP Meterpreter 
  • Web Shell: Netcat Reverse Connects 
  • Web Shell: Using Python, PHP etc. 
  • Getting Beyond Alert(XSS) 
  • LAB EXERCISES 
  • RECAP
 
DAY 3
  • XSS: Cross Site Scripting 
  • Javascript Variables 
  • Types of XSS 
  • Javascript Operators 
  • XSS via Event Handler Attributes 
  • Javascript for Pentesters: Conditionals 
  • DOM XSS 
  • Javascript loops 
  • Javascript Functions 
  • Javascript Data Types 
  • Javascript: Enumerating Object Properties 
  • Javascript HTML DOM 
  • Javascript Cookies
  • REAL WORLD EXAMPLE 
  • LAB EXERCISES 
  • RECAP
 
DAY 4
  • Javascript Exceptions 
  • Javascript for Pentesters: Advanced Forms Manipulation 
  • Javascript for Pentesters: XMLHttpRequest Basics 
  • Javascript for Pentesters: XHR and HTML Parsing 
  • Javascript for Pentesters: XHR and JSON Parsing 
  • Javascript for Pentesters: XHR and XML Parsing  
  • File Upload Vulnerability Basics 
  • Beating Content-Type Check in File Uploads 
  • Bypassing Blacklists in File Upload 
  • Bypassing Blacklists using PHPx 
  • Bypassing Whitelists using Double Extensions in File Uploads 
  • Defeating Getimagesize() Checks in File Uploads 
  • Null Byte Injection in File Uploads 
  • Exploiting File Uploads to get Meterpreter 
  • Remote File Inclusion Vulnerability Basics 
  • RECAP
 
DAY 5
  • Exploiting RFI with Forced Extensions 
  • RFI to Meterpreter 
  • LFI Basics 
  • LFI with Directory Prepends 
  • Remote Code Execution with LFI and File Upload Vulnerability 
  • LFI with File Extension Appended - Null Byte Injection 
  • Remote Code Execution with LFI and Apache Log Poisoning 
  • Remote Code Execution with LFI and SSH Log Poisoning 
  • Unvalidated Redirects 
  • Encoding Redirect Params 
  • Open Redirects: Base64 Encoded Params 
  • Open Redirects: Beating Hash Checking 
  • CSRF and XSS 
  • CSRF Token Bypass with Hidden Frames 
  • Insecure Direct Object Reference 
  • RECAP
 
PREREQUISITES
 
Students should have a basic working knowledge of the Linux command line.
 
 
WHO SHOULD ATTEND
  • General security practitioners
  • Penetration testers 
  • Ethical hackers
  • Web application developers 
  • Website designers and architects
 