Web hacking techniques and countermeasures

Description of this training course

This immersive training course will enable you to acquire the skills needed to identify, analyze, and correct web vulnerabilities. You will learn how to exploit the most common web application security flaws while complying with legal and ethical frameworks, through a combination of theoretical lessons and practical work in secure environments.

Training content

Overall objectives

  • Understand the basics of web cybersecurity and the challenges associated with web applications.
  • Identify and understand the main web vulnerabilities.
  • Propose corrective measures and best practices to secure web applications.
  • Gain practical experience in web pentesting.

The following topics will be covered during this training course.

Introduction to web cybersecurity

  • Introduction to cybersecurity and its legal aspects.
  • Ethical hacking.
  • Web pentesting tools.
  • OWASP Top 10.

Web vulnerabilities

Understanding the most common web vulnerabilities:

  • SQL injections
  • System command injections
  • File upload vulnerabilities
  • Authentication and sessions
  • Cross-site scripting (XSS)
  • User rights
  • Security configuration issues
  • Disclosure of sensitive and technical information
  • Logical flaws
  • Race conditions
  • File inclusions and path traversal (LFI/RFI)
  • Cross-site request forgery (CSRF)
  • Open redirection
  • Vulnerable components
  • Server-side template injections (SSTI)
  • Host header poisoning
  • Securing a REST API
  • JWT vulnerabilities
  • Incorrect CORS configurations
  • GraphQL vulnerabilities

FAQ

What tools will I use during the training?

During the training, you will work with web pentesting tools commonly used in the industry, such as Burp Suite, SQLMap, Kali Linux, and other open-source tools.

What will I take away with me at the end of the training?

You will be provided with the complete course materials in PDF format, as well as additional resources to continue your learning.

Is the training practical?

Yes, the training is practice-oriented with numerous exercises and pentesting sessions in secure environments.

Pricing: 3600€ excl. tax

Contact us

Do you have any questions or would you like to request a pentest? Please do not hesitate to contact us.


Email us:

E-mail us if you have any general questions.

contact@secureaks.com

Call us:

Don't hesitate to call us if you have any general questions.

+33 (0)4 73 95 60 35

Meeting

Book a meeting to discuss your security needs.

calendly.com/secureaks-garcia