
Advanced Application

Penetration Testing
Hands-On 8-Day Course

Advanced Application Penetration Testing
Hands-On Course (8 days)

Course Description
Our systems are under attack on a daily basis and the next security breach is just a matter of
time. This intensive hands-on course will teach you how to find those vulnerabilities in your
systems before the bad guys do. The course will introduce the various methods, tools and
techniques used by attackers, in order to know how to test for the major security
vulnerabilities and how to identify security bugs on real systems, by using live hacking
demonstrations and hands-on labs. The objectives of the course are to teach developers and
IT Experts about the most dangerous vulnerabilities and how to perform security testing, and
by that increasing the amount and quality of test cases that can be performed by the auditor.
This course provides intensive hands-on labs using real world applications!
Training Director
Erez Metula (CISSP), founder of AppSec Labs, is a world renowned application security
expert, spending most of his time finding software vulnerabilities and teaching developers
how they should avoid them. Erez has extensive hands-on experience performing security
assessments, code reviews and secure development trainings for worldwide organizations.
He is a constant speaker at international security conferences (such as BlackHat, DEFCON,
RSA, OWASP), and author of the book Managed Code Rootkits.
Target Audience

Members of the software development team:
Security Professionals
Software & IT Experts


Before attending this course, students should be familiar with:
Operating systems concepts, basic knowledge in databases & SQL language
Programming concepts, with emphasis on web applications

Technical Requirements

In order to begin a successful course, there are a number of requirements we need our
customers to meet:
Computer/laptop for each participant:
At least 2GB memory
At least 15GB free disk space
vmware software installed (optional)

Course topics

Day 1

Application Discovery
Site Mapping & Web Crawling
Server & Application Fingerprinting
Identifying the entry points
File extensions handling
Page enumeration and brute forcing
Looking for leftovers
Google hacking
Analysis of error code
LAB - Information gathering

Information Gathering

Day 2

What is authentication?
Supported authentication types - Anonymous, Basic, Digest, Forms, Kerberos, Client
Authentication scenarios
User enumeration
Guessing passwords - Brute force & Dictionary attacks
Direct page requests
Parameter modification
Password reset flaws
Password change flaws
Bypassing weak CAPTCHA mechanisms
Common implementation mistakes - authentication bypassing using SQL Injection, LDAP
Injection, XPATH Injection
LAB - Authentication

What is authorization
Authorization models - DAC/MAC
Authorization bypassing
Canonicalization & Path traversal
Parameter tampering
Forceful browsing
Rendering based Authorization
Client side validation attacks
LAB - Authorization mechanisms

Authentication Vulnerabilities
Authorization Vulnerabilities

Day 3

What is considered Input?
Input Validation Techniques
Blacklist VS. Whitelist input validation bypassing
Encoding attacks
Directory traversal
Command Injection
Code Injection
HTTP Response Splitting
Log injection
XML injection
LAB - Improper input validation

Day 4

Introduction to SQL Command Structure
Database manipulation
Circumventing Authentication
Retrieving Data
Inserting Data
Deleting Data
Attacking availability
Local system access
Discovering vulnerable apps
Error based
Binary search
LAB - SQL Injection attacks

Improper Input Validation
SQL Injection Vulnerabilities

Day 5

Overview of XSS
XSS Description
Reflected XSS
Stored / Persistent XSS
DOM based XSS
XSS Whitelist VS. Blacklist input validation
Discovery approaches - Manual VS. Automatic VS. Semi-automatic
Different XSS scenarios
XSS input validation evasion
LAB - XSS attacks

Day 6

CSRF (Cross Site Request forgery)
Open redirects
HTTP Response Splitting
LAB - Browser manipulation techniques

Session management techniques
Cookie based session management
Types of cookies
Cookie properties
Cookie information leakage
Attack Scenarios on session management
Hidden values
Referrer based decisions
Session fixation
Phishing attacks
LAB - Insecure session management

Cross Site Scripting (XSS) Vulnerabilities
Browser Manipulation Techniques
Insecure Session Management

Day 7

Symmetric Cryptography
Asymmetric Cryptography
Digital Signing
PKI / Certificate
SSL protocol
SSL Cipher suite
Insufficient Transport Layer Protection
LAB - Cryptography pitfalls

Day 8

Introduction to AJAX
Web 1.0 Security VS. Web 2.0 Security
Common AJAX security mistakes
Serialization Injection
RIA (Rich Internet Application) hacking
Flash hacking
HTML5 hacking
LAB - RIA vulnerabilities

Application / OS crash
CPU starvation
Memory starvation
File system starvation
Resource starvation
Triggering high network bandwidth
User level DoS
Exploiting a specific vulnerability
LAB - Application DoS

Cryptography Pitfalls
RIA Vulnerabilities
Application Denial Of Service (DoS) Vulnerabilities