For direct assistance contact us! +91-9999508202 [email protected]
Select Page

Advanced White box attacks

Advanced white box web attacks is an detailed secure code review course designed for experienced penetration testers and web developers . The need of secure source code is increasing day by day in production enviournments . Web Applications often depends on dynamic application security testing but this is not the complete solution for overall security of an MVC or hybrid Web Application . Secure source code review assures that right functions and core secure validations needs to be implemented in the application so that it wont affect the end users work when the code is live . Advanced white box attacks training will prepare the mindset of how to approach an web application as an white box pentester point of view  , Which functionality should be checked from thousands of lines of code , what can go wrong  with certain function and objects etc. 

This training is mainly focused to examine issues in various programming languages like Java , ASP.NET , C# , Node.js , Php , ruby etc . At the end of the training candidate will able to automate the complex attack chain in a nutshell .

The main prerequiste of this training is that candidate should faimiler with object orianted programming and web application Framework basics .

Advance white box attacks-3
 

syllabus

syllabus

Advanced white box attacks 1
module 1 : Foundations of Advanced white web attacks
  • Global Standards & Frameworks
  • DAST vs SAST methodologies
  • Web Technologies – front-end and back-end technology
  • Web application architecture
  • MVC and other Frameworks
Advanced white box attacks 2
module 2 : Understanding Tools and decompilation
  • Modifying the code assemblies with Visual studio and add ons
  • Other source code review industrial tools
  • Web sockets and RPC legacy issues
  • Dot Net decompilation and reconstructing the apps
  • Java decompilation and audit

 

Advanced white box attacks 3
module 3 : Language primer
  • Basics of object oriented programming
  • Python baselines
  • Python web request and response handling 
  • Python Network programming basics
  • Python Custom script development
  • Regex primer for pentesters
Advanced white box attacks 4
module 4 : Secure code review audit
  • Authentication bypass flaws audit
  • SQL Injection attacks audit
  • cross site scripting audit
  • command injection audit
  • code injection audit
  • Password attacks  audit
  • cross site request forgery audit
  • File upload vulnerabilities audit
  • Server side request forgery audits
  • Xml attacks and audits
  • session and cookies encryption audit 

 

Advanced white box attacks 5
module 5 : Advanced code review
  • Remote code execution attack mapping
  • Deserialization attacks chain rce 
  • Database libraries exploitation
  • Type Juggling exploitation
  • CMS audits
  • Templete engines exploitation
  • Common API attacks
Advanced white box attacks 6
module 6 : report writing

Systematic procedure to focus on macros and micros of Code Review report .

 

who should attend this training?
  • Web developers
  • Security Professionals
  • DevSecOps Enginner
  • Security Enginners Devops
why should i take this training?
The complete web applicaiton security resides inside in the code and in require an strong audit specially in production enviournents . To enhance code review experiece to next level join the advanced white box attacks training today !
pri-requisite of the training ?

Cnadidate must have some experience in  dynamic web pentesting and also understands the object orianted programming basics .

what is the total duration of the training ?

Its an Instructor-led online training and the total duration of the training is 40 hours.

advanced white box attacks 

enquiry 

 

 

15 + 11 =

Our clients

T estimonials

This is the best place of learning for those seeking TRUE learning in cyber security…..there are many many institutes but amount of practical knowledge matters that one can have here….and also very friendly and professional faculty….
Amit

Cyber Security Expert, ICSS

Certcube labs is an extremely recommendable place for people who are looking out for the courses of cyber security and ethical hacking with certifications , The trainers are experienced and are really skilled and helpful .

Nakul

BSC, DU

We're Here To Help!

Office

3500 , 1st Floor , Raja Park , New Delhi -110034

Hours

M-S: 10am - 11pm