COURSE OUTLINE

ETHICAL HACKING
Certified Security Testing Professional (CSTP)

CORE-LEVEL COURSE
Cost: £1,797.00 + VAT
Duration: 3 days

Web application flaws can leave an organisation and its customers vulnerable to attacks. This web application ethical hacking course will give you the knowledge of, and protection against, the 'OWASP Top Ten Web Application Security Vulnerabilities', an essential component of modern information security strategies and a requirement of the Payment Card Industry Data Security Standard (PCI DSS).

COURSE OVERVIEW

This three-day course is designed to give you the skills you need to undertake an application penetration test in order to ensure valuable data and assets are effectively protected. You will have access to a functional ASP.NET and PHP application through which theory is reinforced by way of practical exercises in order to demonstrate hacking techniques with defensive countermeasures always in mind.

THE SKILLS YOU WILL LEARN

- A number of methodologies for undertaking a web application penetration test
- How to exploit vulnerabilities to access data and functionality
- A range of defensive countermeasures as well as sufficient knowledge as to how to counter these attacks

KEY BENEFITS

This course will enable you to:

- Learn effective techniques to identify exploits and vulnerabilities
- Improve your ability to respond effectively to cyber threats
- Gain valuable preparation for the CREST Registered Penetration Tester (CRT) examination and the knowledge required to join our CAST course (advanced web application security)
- Acquire the skills and understanding to progress to the next stage in your career as a security professional

WHO SHOULD ATTEND

Anyone with responsibility for, or an interest in, the security of web applications, including:

- System administrators
- Software developers
- Budding penetration testers
- Anyone subject to the requirements of the Payment Card Industry Data Security Standard (PCI DSS)

PREREQUISITES

An understanding of how a web page is requested and delivered:

- Are you familiar with the high-level components involved, e.g. browsers, web servers, web applications and databases?
- What are HTTP and HTML?

An understanding of databases and SQL would also be an advantage:

- Do you understand the concept of data storage in tables within a relational database?
- Can you construct a simple SELECT statement to extract data from a table?

WHAT QUALIFICATION WILL I RECEIVE?

Those delegates successfully passing the exam at the end of the course will be awarded 7Safe's Certified Security Testing Professional (CSTP) qualification.

To find out if our cyber training is right for you, and to make a booking,
contact our education team on 01763 285 285 or email education@7safe.com

"The course content helped to reinforce my existing knowledge and give real world examples and practical exercises for the key features of the content and syllabus."
CSTP Delegate, NewVoiceMedia Ltd

SYLLABUS

1. Principles
   a. Web refresher
   b. Proxies
   c. The OWASP Top Ten
   d. Web application security auditing
   e. Tools and their limitations
   f. HTTP request and response modification
   g. Logic flaws

2. Injection
   a. Types
   b. Databases overview – data storage, SQL
   c. Exploiting SQL injection – e.g. data theft, authentication
   d. Exploiting Blind SQL injection
   e. Exploiting stored procedures and Bypass
   f. Exploiting leaked information through errors
   g. Exploiting Server-Side Template Injection (SSTI)
   h. Exploiting Server-Side Request Forgery (SSRF)
   i. Exploiting Application Programming Interface (API)

3. Broken Authentication
   a. Attacking authentication pages
   b. Exploiting predictable requests
   c. Session management - cookies

4. Sensitive Data Exposure
   a. Identifying sensitive data
   b. Secure storage methods

5. XML External Entities (XXE)
   a. Identifying XXE
   b. Scenarios

6. Broken Access Control
   a. Insecure Direct Object Reference
   b. Direct vs indirect object references
   c. Cross-site Request Forgery (CSRF)
   d. Missing Function Level Access Control
   e. Unvalidated Redirects and Forwards

7. Security Misconfiguration
   a. Identifying misconfiguration
   b. Scenarios

8. Cross-site Scripting (XSS)
   a. JavaScript
   b. Email spoofing
   c. Phishing
   d. Reflected and Persistent XSS
   e. Cookies, sessions and session hijacking

9. Insecure Deserialization
   a. Identifying insecure object
   b. Scenarios

10. Using Components with Known Vulnerabilities
   a. Identifying well-known vulnerabilities with components
   b. Scenarios

11. Insufficient Logging & Monitoring
   a. Scenarios

12. Additional Web Auditing Tool and Conclusions
   a. Scenarios

7Safe
Global Innovation and Technology Centre
Melbourn
Herts, SG8 6DP
United Kingdom
tel: +44(0) 1763 285 285
education@7safe.com
www.7safe.com
