Building and Breaking: Web Applications
Our "Building and Breaking" series is ideal for those looking to break into cyber security as a career or develop their security testing skills.
So whether you're a software developer looking to build more secure applications or you want to become a penetration tester in the future, this course will help you build the key skills needed for your role.
This course covers the methodology for performing effective security testing, an overview of common vulnerabilities and defensive mechanisms, and hands-on labs to let you test your understanding and experiment with common real-world vulnerabilities.
On the day, we'll start with the OWASP Top 10 and cover key vulnerabilities such as Injection and Cross-site Scripting, before moving on to more complex issues such as filter evasion and business logic issues.
There's more to effective security testing and secure system development than just knowing about vulnerabilities and their exploitation - we also cover the stages of a penetration test to ensure that your approach to security testing achieves good coverage:
- Intelligence Gathering
- Application Mapping
- Vulnerability Discovery
- Exploitation and Filter Evasion
- Proof-of-Concept Development
- Privilege Escalation
Our bespoke hands-on labs cover common vulnerabilities with a range of difficulties and filters, allowing you to ensure that you've understood the fundamentals of a vulnerability before moving on to more challenging examples. We have a range of labs, such as:
- SQL Injection
- Command Injection
- XML External Entity (XXE) Injection
- Cross-site Scripting (XSS)
- DOM-based Cross-site Scripting
- Path Traversal
- File Upload and Web Shells
Whilst it's often the least talked about part of security testing, remediation is of course the most important. It doesn't matter how many vulnerabilities you find if you can't quickly and effectively explain to the team how they can fix them. For each vulnerability discussed we will cover a specific remediation, as well as giving examples of hardening options throughout to make applications more resilient to attacks in general.
Whatever your reason for hunting security bugs, you'll very likely need to share the findings of your hunting with other people. Therefore we'll also cover effective report writing techniques: how to write reports efficiently so you can spend more time hacking, as well as how to ensure that your report includes the right amount of technical detail within the description, steps to recreate, and remediation sections.
Optional: Recruitment Guide
For those looking specifically to break into a penetration testing role, we also include content based around common recruitment techniques and technical assessments used by penetration testing companies to ensure that you're in the best position to secure your first role.
Check Out Our Other Training Courses
Building and Breaking: Networks & Servers
Our "Building and Breaking Networks" training course teaches how hackers compromise networks, servers, and workstations, as well as the methodology needed to perform effective security tests and how to harden these systems against attack.
Security Awareness Training
Awareness Training can be a key part of reducing the risk of threats such as social engineering and phishing – our awareness training covers key areas of security, how hackers break systems, and how your staff can keep your company secure.