SANS SEC542: Web App Penetration Testing and Ethical Hacking
If you are interested in learning how to test and secure web applications, you might want to check out the SANS SEC542 course. This course teaches you the four-step process for web application penetration testing, as well as how to use various tools and techniques to find and exploit common web vulnerabilities. You will also learn how to write your own scripts and payloads to automate and customize your attacks. By the end of this course, you will be able to assess the security posture of any web application and demonstrate the business impact of the discovered flaws.
Course Overview
The course consists of six days of hands-on training, covering the following topics:
Day 1: The Attacker's View of the Web - You will learn about the web technology stack, the HTTP protocol, web proxies, and common web attacks.
Day 2: Web Penetration Testing: Configuration, Identity, and Authentication Testing - You will learn how to test for misconfigurations, insecure communications, weak authentication, and session management issues.
Day 3: Web Penetration Testing: Injection - You will learn how to exploit SQL injection, command injection, file inclusion, and other injection flaws.
Day 4: Web Penetration Testing: JavaScript and XSS - You will learn how to leverage JavaScript for reconnaissance, exploitation, and post-exploitation. You will also learn how to perform cross-site scripting (XSS) attacks and bypass filters and defenses.
Day 5: Web Penetration Testing: CSRF, Logic Flaws, and Advanced Tools - You will learn how to exploit cross-site request forgery (CSRF), logic flaws, business vulnerabilities, and other advanced issues. You will also learn how to use tools such as FuzzDB, Durzosploit, Ratproxy, and Zed Attack Proxy.
Day 6: Capture the Flag Event - You will apply your skills and knowledge to a realistic web penetration testing scenario in a capture the flag (CTF) event.
Course Benefits
By taking this course, you will gain:
A thorough understanding of web application security issues and how attackers exploit them.
A practical skill set for performing professional web application penetration testing.
Preparation for the GIAC Web Application Penetration Tester (GWAPT) certification exam.
Valuable experience learning from seasoned professionals and networking with peers.
Course Prerequisites
This course is designed for intermediate to advanced level students who have some background in penetration testing or ethical hacking. You should have:
Basic knowledge of web application development and of languages such as HTML, JavaScript, PHP, SQL, etc.
Familiarity with the Linux command line and scripting tools such as Python.
Access to a laptop that can run a virtual machine with at least 8 GB of RAM and 40 GB of free disk space.
Course Authors
This course was created by Eric Conrad, Timothy McKenzie, Bojan Zdrnja, and Seth Misenar. They are all certified instructors and experts in web application security with years of experience in teaching and consulting.