Web Application Penetration Testing
*(ISC)² Members/Associates can access this course for free by logging in above and clicking the 'My Courses' menu item.
In this Express Learning self-paced course, you will be introduced to the discipline of web application penetration testing and gain a hands-on perspective of how a penetration tester (pentester) applies methodology with practice to test web applications for security flaws. We will review several basic web application penetration testing techniques and gain hands-on experience as a penetration tester using a popular open source (FOSS) tool, Burp Suite. You will also learn to examine injection attacks such as cross-site scripting and SQL injection attacks and learn how to perform automated attacks with Intruder, as well as analyze responses with Repeater and Comparer.
This course includes the following three (3) modules: (1) Web Application Penetration Testing Using Burp Suite (2) Cross-Site Scripting Attacks Against bWAPP (3) SQL Injection Attacks Using bWapp.
Audience or Who Should Take This Course
Developers, penetration testers, and IT professionals
In order to gain the best benefit from this course it is expected for you to have familiarity with:
• Virtualized environments such as VMWare or VirtualBox
• Understanding and configuring browser proxy settings
• Understanding of web protocols and the various requests, responses and status codes
• Familiarity with packet structure and OSI model
How This Course Works
In this course you will follow course author Sunny Wear as she works you through the concepts of Web Application Penetration Testing using a Burp Suite, a popular web application testing tool. Throughout the course you will have the opportunity to practice via exercises and assess your learning through knowledge checks.
At the end of the course, you will be asked to take a final assessment. Please note that you must score 70% or higher on the final assessment prior to receiving a certificate of completion and earning two (2) continuing professional education (CPE) credits.
Please make sure at the end of the course that you download and retain the certificate of completion as proof of credits earned. CPEs earned for this course may be eligible for continuing professional education credits for non-(ISC)² certifications. Please visit the continuing education requirements established by the credentialing organization for eligibility.