SANS - SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques

Adrien de Beaupre (et al.) | Duration: 24h+ | Video: VP8 1260x720 | Audio: Vorbis 32 kHz mono | 4,56 GB | Language: English

SEC642 will teach you the advanced skills and techniques required to test modern web applications and next-generation technologies. In this course, you will learn through a combination of lectures, real-world experiences, and hands-on exercises that will teach you the techniques to test the security of tried-and-true internal enterprise web technologies, as well as cutting-edge Internet-facing applications. On the final day of the course, you will apply the knowledge you have acquired in a Capture-the-Flag competition, a fun environment based on real-world technologies.

You Will Learn

• How to discover and exploit vulnerabilities in modern web frameworks, technologies, and backends
• Skills to test and exploit specific technologies such as HTTP/2, Web Sockets, and Node.js
• How to evaluate and find vulnerabilities in the many uses of encryption within modern web applications
• Skills to test and evaluate mobile backends and web services used in an enterprise
• Methods to recognize and bypass custom developer, web framework, and Web Application Firewall defenses

You Will Be Able To

• Perform advanced Local File Include (LFI)/Remote File Include (RFI), Blind SQL injection (SQLi), and Cross-Site Scripting (XSS) combined with Cross-Site Request Forger (XSRF) discovery and exploitation
• Exploit advanced vulnerabilities common to most backend language like Mass Assignments, Type Juggling, and Object Serialization
• Perform jаvascript-based injection against ExpressJS, Node.js, and NoSQL
• Understand the special testing methods for content management systems such as SharePoint and WordPress
• Identify and exploit encryption implementations within web applications and frameworks
• Discover XML Entity and XPath vulnerabilities in SOAP or REST web services and other datastores
• Use tools and techniques to work with and exploit HTTP/2 and Web Sockets
• Identify and bypass Web Application Firewalls and application filtering techniques to exploit the system