*(ISC)² Members/Associates can access this course for free by logging in above and clicking the 'My Courses' menu item.

Course Summary

In this Express Learning self-paced course, you will be introduced to the discipline of web application penetration testing and gain a hands-on perspective of how a penetration tester (pentester) applies methodology with practice to test web applications for security flaws. We will review several basic web application penetration testing techniques and gain hands-on experience as a penetration tester using a popular open source (FOSS) tool, Burp Suite. You will also learn to examine injection attacks such as cross-site scripting and SQL injection attacks and learn how to perform automated attacks with Intruder, as well as analyze responses with Repeater and Comparer.

Modules Included

This course includes the following three (3) modules: (1) Web Application Penetration Testing Using Burp Suite (2) Cross-Site Scripting Attacks Against bWAPP (3) SQL Injection Attacks Using bWapp.

Audience or Who Should Take This Course

Developers, penetration testers, and IT professionals

Experience Required

In order to gain the best benefit from this course it is expected for you to have familiarity with:
• Virtualized environments such as VMWare or VirtualBox
• Understanding and configuring browser proxy settings
• Understanding of web protocols and the various requests, responses and status codes
• Familiarity with packet structure and OSI model

How This Course Works

In this course you will follow course author Sunny Wear as she works you through the concepts of Web Application Penetration Testing using a Burp Suite, a popular web application testing tool. Throughout the course you will have the opportunity to practice via exercises and assess your learning through knowledge checks.

At the end of the course, you will be asked to take a final assessment. Please note that you must score 70% or higher on the final assessment prior to receiving a certificate of completion and earning two (2) continuing professional education (CPE) credits.

CPE Reporting

CPE credits earned for this course may be eligible for continuing professional education credits for non-(ISC)² certifications. Please visit the continuing education requirements established by the credentialing organization for eligibility.

Members: Starting January 1st, 2022, CPE Credits for (ISC)² credentials will be reported by Member Services on the 1st of every month. Please allow 10 business days for processing. Courses completed prior to 1/1/2022 will need to be self-reported by members and associates through the (ISC)² CPE Portal accessible via www.isc2.org using your member login credentials.

For specific questions related to your CPE credits or the CPE portal please contact member support - membersupport@isc2.org