Penetration Testing and Ethical Hacking


Target Audience
The course is appropriate for both novice and experienced candidates in the following categories:
  • Web Testers
  • Software Testers
  • Software Developers
  • Test Team Leads
  • Information Security Consultants
  • Test Engineers
  • Quality Assurance Specialists
  • Project Managers

Candidates must have functional testing knowledge as well as a basic understanding of how applications work. No prior security testing experience is required.

Objectives
After completing the course, participants will be able to:
  • Understand web application security testing
  • Identify why software security matters to their business
  • Recognise the common web application vulnerabilities
  • Quickly identify the riskiest areas of an application
  • Report findings comprehensively to enable timely remediation

Outline

Topics
Introduction to Class
  • Participants
  • Familiarization with course material
  • Familiarization with the protocols and timings
  • Expectation setting and clarifications

Introduction to Ethical Hacking
  • Footprinting and Reconnaissance
  • System Hacking
  • Server Fingerprinting
  • Port Scanning
  • Tools: HTTPrint, Nmap, etc.

Different types of malware
  • Trojans and Backdoors
  • Viruses and Worms

Other attacks
  • Social Engineering
  • Denial of Service

Introduction to Software Security
  • Security in the System Development Lifecycle
  • Thinking Like a Security Engineer
  • Enumerating the Attack Surface

Standard Application Attack Vectors
  • GET and POST
  • Header
  • Cookies
  • Understanding the underlying protocols of the web
  • Client-server communications on the web (overview of HTTP requests and responses)
  • Adding session tracking to HTTP (the concept of sessions, i.e. cookies, form-based sessions, etc.)

Introduction to web application security testing tools
  • What are browser add-ons: Firesheep, Live HTTP Headers, Tamper Data
  • What are web proxies: Burp, Paros, etc.
  • HTTP request interception and manipulation (including analysis of requests and
  • Examining real HTTP requests/responses
  • Session hijacking and session fixation
  • Insufficient Session Timeout
  • Session Hijacking/Replaying (Facebook) (demo)

Learn methods to discover various vulnerabilities
  • Information leakage
  • Command injection
  • SQL injection
  • Blind SQL injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery
  • Session issues

Review of top web application vulnerabilities (hands-on exercise: WebGoat)
  • Common Weaknesses
  • Data Leakage Attacks
      ◦ Sniffing
      ◦ Path Traversal
      ◦ Parameter Tampering (Hands On!)
  • Incorrect Resource Transfer between Spheres
      ◦ Bypassing Client-side Enforcement of Security
      ◦ Unrestricted File Upload
  • Injection Attacks
      ◦ SQL Injection (Hands On!)
      ◦ Cross-site Scripting (XSS) (Hands On!)
      ◦ Session Riding/Cross-site Request Forgery (XSRF)

Introduction to Automated Web Application Testing Tools
  • IBM Rational AppScan
  • Acunetix
  • Many other automated open-source web application penetration testing tools

Explore attack frameworks
  • AttackAPI or
  • BeEF or
  • XSS-Proxy

Day Schedule
Registration: 8:30 - 9:30 a.m.
Morning Session 8:30 a.m. - 01:00 p.m.
Lunch 01:00 - 1:45 p.m.
Afternoon Session 1:45 - 5:00 p.m.

This is a typical daily schedule. Please confirm the program schedule at registration.

Registration Fee

INR 12,000 for Single Nomination + 10.30% Service Tax
INR 45,600 for Task Force of Four + 10.30% Service Tax

The price includes the course material, lunch & breaks each day, and a certificate of completion. Hotel and travel arrangements are the responsibility of the attendee.


ETI Cancellation Policy
  • All cancellations must be made in writing - either by mail, e-mail, or fax.
  • All payments must be received by ETI prior to the start of the workshop/seminar.
  • If cancelled 5 calendar days, or later, prior to the start date, or for no-shows - NO REFUND.
  • If cancelled 6-30 calendar days prior to the start date - 50% of the workshop/seminar fee will be non-refundable.
  • If cancelled more than 30 calendar days prior to the start date - a full refund will be issued.
  • You are welcome to send a substitute if you cannot attend, but please notify us in advance.
  • You may reschedule with at least four weeks' notice prior to the workshop/seminar for which you are currently registered.
  • Please send all cancellations and substitutions to support@edistatesting.com or call 91-80-490-23456

Edista Testing Institute - A venture of QAI Global Institute 
© 2011 All Rights Reserved.