COURSE OUTLINE
Certified Security Testing Professional (CSTP)
Ethical Hacking

CORE-LEVEL COURSE
Cost: £1,797.00 + VAT
Duration: 3 days
Web application flaws can leave an organisation and its customers vulnerable to attacks. This web application ethical hacking course will give you the knowledge of, and protection against, the ‘OWASP Top Ten Web Application Security Vulnerabilities’, an essential component of modern information security strategies and a requirement of the Payment Card Industry Data Security Standard (PCI DSS).

COURSE OVERVIEW
This three-day course is designed to give you the skills you need to undertake an application penetration test in order to ensure valuable data and assets are effectively protected. You will have access to a functional ASP.NET and PHP application through which theory is reinforced by way of practical exercises in order to demonstrate hacking techniques with defensive countermeasures always in mind.

THE SKILLS YOU WILL LEARN
• A number of methodologies for undertaking a web application penetration test
• How to exploit vulnerabilities to access data and functionality
• A range of defensive countermeasures as well as sufficient knowledge as to how to counter these attacks

KEY BENEFITS
This course will enable you to:
• Learn effective techniques to identify exploits and vulnerabilities
• Improve your ability to respond effectively to cyber threats
• Gain valuable preparation for the CREST Registered Penetration Tester (CRT) examination and the knowledge required to join our CAST course (advanced web application security)
• Acquire the skills and understanding to progress to the next stage in your career as a security professional

WHO SHOULD ATTEND
Anyone with responsibility for, or an interest in, the security of web applications, including:
• System administrators
• Software developers
• Budding penetration testers
• Anyone subject to the requirements of the Payment Card Industry Data Security Standard (PCI DSS)

PREREQUISITES
An understanding of how a web page is requested and delivered:
• Are you familiar with the high-level components involved, e.g. browsers, web servers, web applications and databases?
• What are HTTP and HTML?

An understanding of databases and SQL would also be an advantage:
• Do you understand the concept of data storage in tables within a relational database?
• Can you construct a simple SELECT statement to extract data from a table?

WHAT QUALIFICATION WILL I RECEIVE?
Those delegates successfully passing the exam at the end of the course will be awarded 7Safe’s Certified Security Testing Professional (CSTP) qualification.
To find out if our cyber training is right for you, and to make a booking,
contact our education team on 01763 285 285 or email education@7safe.com
“The course content helped to reinforce my existing knowledge and give real world examples and practical exercises for the key features of the content and syllabus.”
CSTP Delegate, NewVoiceMedia Ltd

SYLLABUS

1. Principles
 a. Web refresher
 b. Proxies
 c. The OWASP Top Ten
 d. Web application security auditing
 e. Tools and their limitations
 f. HTTP request and response modification
 g. Logic flaws

2. Injection
 a. Types
 b. Databases overview – data storage, SQL
 c. Exploiting SQL injection – e.g. data theft, authentication
 d. Exploiting Blind SQL injection
 e. Exploiting stored procedures and bypass
 f. Exploiting leaked information through errors
 g. Exploiting Server-Side Template Injection (SSTI)
 h. Exploiting Server-Side Request Forgery (SSRF)
 i. Exploiting Application Programming Interface (API)

3. Broken Authentication
 a. Attacking authentication pages
 b. Exploiting predictable requests
 c. Session management – cookies

4. Sensitive Data Exposure
 a. Identifying sensitive data
 b. Secure storage methods

5. XML External Entities (XXE)
 a. Identifying XXE
 b. Scenarios

6. Broken Access Control
 a. Insecure Direct Object Reference
 b. Direct vs indirect object references
 c. Cross-site Request Forgery (CSRF)
 d. Missing Function Level Access Control
 e. Unvalidated Redirects and Forwards

7. Security Misconfiguration
 a. Identifying misconfiguration
 b. Scenarios

8. Cross-site Scripting (XSS)
 a. JavaScript
 b. Email spoofing
 c. Phishing
 d. Reflected and Persistent XSS
 e. Cookies, sessions and session hijacking

9. Insecure Deserialization
 a. Identifying insecure object
 b. Scenarios

10. Using Components with Known Vulnerabilities
 a. Identifying well known vulnerabilities with components
 b. Scenarios

11. Insufficient Logging & Monitoring
 a. Scenarios

12. Additional Web Auditing Tool and Conclusions
 a. Scenarios

7Safe
Global Innovation and Technology Centre
Melbourn
Herts, SG8 6DP
United Kingdom
tel: +44(0) 1763 285 285
education@7safe.com
www.7safe.com