Hacking and Defending Web Apps

Our Hacking and Defending Web Apps course is designed to teach web application developers the tools and techniques we use when targeting web apps during real world penetration tests. We’ll also review all of the findings from the session and give guidance on remediation, detailing how web apps could be hardened to make exploitation action more difficult and attack detection easier.

It’s also a useful course for those looking to break into Penetration Testing who want a first step on the journey.

Software developers often focus on building an application and making it functional. They’re often tied to strict deadlines and therefore, ensuring everything is secure is sometimes not the first priority.

Additionally, many security flaws can be subtle or difficult to spot if you’re not well versed in common vulnerability types and testing methods.

By using the 'hackers' point-of-view throughout the training course we allow those interested in developing a security testing capability to get started on that journey.

This course steps you through the common phases of a Web Application Penetration Test and allows you to gain an understanding of how hackers hack.

Mapping & Intelligence Gathering

Before the engagement begins, we will map the attack

surface to discover alive hosts, services, and versions.

As well as mapping application functionality

Vulnerability Discovery

We’ll demonstrate methods of finding and confirming

vulnerabilities to minimise false positives being

highlighted.

Proof of Concept & Confirmation

Where vulnerabilities are discovered a proof of concept

exploit will be created to demonstrate the potential

business risk. This ensures that false positives are

removed by manually confirming and demonstrating all

discovered vulnerabilities.

Exploitation                                                                                                                      Exploitation involves discovering weaknesses

within exposed applications and leveraging those

weaknesses to demonstrate as much business risk as

Want to know more about how our Hacking and Defending Web Apps security training course could benefit your organisation? Get in touch with one of our experts today for more info, or head over to Eventbrite to book your place on an upcoming session.