Web Application Penetration Test

Required knowledge

  • Basic knowledge of Linux systems

Target group

  • Web developers, system administrators 

Date and location

  • TBA
  • Remote training session. Online course that you can access remotely.

Required material

  • Participants need to have their own laptops with a web browser pre-installed (preferably Google Chrome) and an RDP client.

Trainer and course language

  • Massimo Giaimo, Team Leader Cyber Security Solutions at Würth Phoenix
  • Simone Cagol, Solution Architect - Cyber Security Solutions at Würth Phoenix
  • The course will be held in Italian.
  • The training material is always in English.

Costs

  • Participation: € 2.200 (excl. VAT)

Agenda

Day 1

  • System Overview
  • Secure configuration of the development environment
  • Secure configuration of the web server
  • Applying the correct permissions
  • Prevention of DDoS attacks
  • Defending with WAFs

Day 2

  • Introduction to Web Application Security
  • Information Gathering
  • Authentication (default credentials, lock out mechanism, remember password functionality, password policy, password change and reset mechanisms)
  • Authorisation (Directory Traversal, Privilege Escalation)
  • Session Management (Cookie attributes, Session fixation, Cross Site Request Forgery, Session Timeout)
  • Workshop with WAPT tools

Day 3

  • Input Validation (Reflected & Stored Cross Site Scripting, HTTP Verb Tampering, HTTP Parameter Pollution, SQL Injection)
  • Error Handling (error code management)
  • Workshop with WAPT tools

I would like to attend the training

Thank you very much for your request and your interest in our trainings. All information on your registration will be handled in full compliance with the policies related to the GDPR. Your personal data will be treated confidentially; neither your name nor your company's name will be made accessible to third parties.