Advanced White box attacks
Advanced white box web attacks is an detailed secure code review course designed for experienced penetration testers and web developers . The need of secure source code is increasing day by day in production enviournments . Web Applications often depends on dynamic application security testing but this is not the complete solution for overall security of an MVC or Web Application Secure source code review assures that right functions and core secure validations needs to be implemented in the application so that it wont affect the end users work when the code is live . Advanced white box attacks training will prepare the mindset of how exactly approach an web application for testing the code , Which functionality should be checked from thousands of lines of code , what can go wrong with certain function and objects etc.
This training is mainly focused to examine issues in various programming languages like Java , ASP.NET , C# , Node.js , Php , ruby etc . At the end of the training candidate will able to automate the complex attack chain in a single exploit and get the controls over the target .
The main prerequiste of this training is that candidate should faimiler with object orianted programming and web application Framework basics .
REAL LIFE CASE STUDIES
INSTRUCTOR-LED SESSIONS
INDUSTRY DRIVEN CERTIFICATION
DAILY ASSIGNMENTS
STUDENT LEARNING KIT
syllabus
syllabus
module 1 : Foundations of Advanced white web attacks
- Global Standards & Frameworks
- DAST vs SAST methodologies
- Web Technologies – front-end and back-end technology
- Web application architecture
- MVC and other Frameworks
module 2 : Understanding Tools
- Burpsuite deep dive
- Modifying the code assemblies with Visual studio and add ons
- Modifying and testing the Android apps
- Other source code review industrial tools
- Web sockets and comman issues
module 3 : Language primer
- Basics of object oriented programming
- Python baselines
- Python web request and response handling
- Python Network programming basics
- Python Custom script development
- Sql primer for pentesters
- Php and Java primer for pentesters
- C# and Dot net primer for pentesters
- Regex primer for pentesters
module 4 : Secure code review audit
- Authentication bypass flaws audit
- SQL Injection attacks audit
- cross site scripting audit
- command injection audit
- code injection audit
- Password attacks audit
- cross site request forgery audit
- File upload vulnerabilities audit
- Server side request forgery audits
- Xml attacks and audits
- Other attacks
module 5 : Advanced code review
- Dot Net decompilation and rebuilt the apps
- Java decompilation and audit
- Java Deserialization attacks chain rce
- Php Deserialization attacks chain rce
- Dot net Deserialization attacks chain rce
- Node Js Deserialization attacks chain rce
- Database libraries exploitation
- Php Type Juggling exploitation
- Remote code execution attack mapping
- Cross site scripting to rce
- command injection to rce
- SQL Injection to rce
- Enterprise frameworks remote code execution and audits
module 6 : report writing
Systematic procedure to focus on macros and micros of Code Review report .
who should attend this training?
- Web developers
- Security Professionals
- DevSecOps Enginner
- Security Enginners Devops
why should i take this training?
The complete web applicaiton security resides inside in the code and in require an strong audit specially in production enviournents enhance you learning experience of secure code review with advanced white box attackspri-requisite of the training ?
Must be an experienced security professional and person must understand the object orianted programming basics
what is the total duration of the training ?
Its an Instructor-led online training and the total duration of the training is 80 hours.
For more info about advanced white
box attacks connect with us today
Whats Next ?
Checkout the advanced training modules with the given below link.
Testimonials
Certcube labs is an extremely recommendable place for people who are looking out for the courses of cyber security and ethical hacking with certifications , The trainers are experienced and are really skilled and helpful .