Web Security - Vulnerability Analysis

Training objective: This program covers analysis and comprehension of web application elements to explore the field of web vulnerabilities and attacks.

• Apply techniques used to audit and test the security of web applications
• Apply techniques used to conduct discovery, exploration, and investigation of a website and web application features
• Apply tools and techniques used to discover and exploit vulnerabilities
• Understand and apply port scanning techniques
• Understand application flowcharting and session analysis
• Understand Client Injection Attacks
• Understand Cross-Site & Server-Side Request Forgery (CSRF / SSRF)
• Understand Cross-Site Scripting (XSS)
• Understand how a web application manages client sessions
• Understand how a web application tracks user activity
• Understand how a web application uses SSL/TLS in modern web communications
• Understand how to bypass and exploit weak authentication
• Understand how to enumerate users
• Understand HTTP, HTTPS, and AJAX within the context of security, vulnerabilities, and essential operations
• Understand identifying services and configurations
• Understand processes and mechanisms used to secure web applications by authentication
• Understand spidering web applications
• Understand SQL injection attacks and how to identify SQL injection vulnerabilities in applications
• Understand the attacks leveraged against flaws in session states
• Understand the technologies, programming languages, and structures involved in the construction and implementation of a website
• Understand the tools and techniques used to audit and identify flaws in the design or implementation in the configuration of a website
• Understand the use of proxies, fuzzing, scripting, and application logic attacks
• Understand tools and techniques required to perform web application security testing on modern web-based languages such as JavaScript with AJAX