*** Note: Complete Program Content Launch Date: 25th April 2018 ***

WEB APPLICATION SECURITY TESTING (WAST)

Self-Paced Online | 90 Days Access | ‘WASD’ Certificate Attempt 

Aligned with OWASP Top 10 (2017) Risk, Testing Guide (v4) & Recommended Practices

Hack2Secure’s Self-Paced Online program on Web Application Security Testing provides the required exposure to, and understanding of, different Web Security Risks and Attack vectors. Scoped around the OWASP Top 10 (2017) Web Application Security Risks and the Security Testing Guide, these intensive, concept-oriented sessions provide a deep dive into the testing tips and tricks required to evaluate, test and assess Web Application Security flaws.

Explore More about Program & Curriculum

Key Take Away
Injection Attacks
Web Reconnaissance
Cross Site Scripting (XSS)
SSL/TLS Protocol: Handshake & Testing
Cross Site Request Forgery (XSRF)
Web Scanning, Fingerprinting & Spidering
Broken Authentication & Access Controls
Client Side Attacks
Burp Suite, Zed Attack Proxy (ZAP)
Nmap, Netcat, Recon-Ng
Session Management Flaws
Nikto, XSSer, SQLMap, W3af
Insecure External XML Entities (XXE)
Web Application Filters & Firewalls

Program Benefits

Self-Paced Sessions | 90 Days Access
WASD Cert Voucher: 1 Attempt | 6 months validity
Online Training Completion Certificate
Soft Deliverable


Who Should Enroll
Professional
  • Looking to explore and adopt Web/Software Security Testing Practices
  • Looking to learn Web/Software Security Testing Tools, Techniques & Practices
  • Software Testers (QE/QA), Test Leads, Developers

Security Practitioners
  • Looking to explore Web Security concerns and attack scenarios

Fresh College Graduate / Student
  • Looking to learn skills & build career in Web Security Domain

WASD Cert Attempt
Voucher: 1 Attempt, 6 Months Validity
Exam: 180 mins, 90 MCQ

Learn more: www.hack2secure.com/wasd | WASD Brochure

To Schedule WASD Cert Exam, visit: www.pearsonvue.com/hack2secure

Course Curriculum

  • 1

    Program Introduction

    • About WAST Program

    • Web Application Security Testing: Program Brochure

    • About Web Application Security Defender (WASD) Exam

  • 2

    Module#1: Building the Base [Concepts, Processes & Methodologies]

    • Introducing Web & Web Security Testing

    • HTTP & HTTPS Protocol: Deep-Dive & Analysis

    • OWASP: Top10 Risk, Testing Guide .. & More

  • 3

    Module#2: Casual Leakage Points [Reconnaissance]

    • Web Reconnaissance: Importance and Practices

    • DNS Protocol: Overview, Working, Zone Transfers | Nslookup

    • Web Site Mirroring: Httrack | IOT Devices Reconn. : Shodan | Recon-NG, TheHarvester

    • Exploring Google Search: Keywords, Filters & Google Hacking Database (GHDB)

  • 4

    Module#3: Looking for Entry Point [Scanning, Fingerprinting & Spidering]

    • Scanning & Fingerprinting | NMAP, NETCAT & NIKTO

    • Spidering/Crawling | Burp Suite & ZAP (Spidering)

    • Fuzzing: About, What to Look for | Burp Suite (Intruder), ZAP (Fuzzing)

    • Directory Browsing | Dirbuster, ZAP (to explore hidden Directories)

  • 5

    Module#4: Analyzing A.A.A. Concerns

    • Authentication: About, Types, Schemes, Password cracking

    • Authorization: Access Control Models, Attack Scenarios

    • Accountability: About, Secure Logging Practices

  • 6

    Module#5: Session Management

    • Introducing “Sessions” & Tracking Methods | Session Randomness

    • Attacks on Session: Fixation, Hijacking & Tampering

    • Securing Session Cookies & Headers

    • Cross Site Request Forgery: About, Myths, Defensive Measures

  • 7

    Module#6: Injection Attacks

    • SQL Query: Primer

    • SQL Injection (SQLi): About, Root Cause, Analysis, Types | SQLmap

    • Command Injection: About, Root Cause

    • [Local/Remote] File Inclusion Vulnerability

  • 8

    Module#7: Cross Site Scripting (XSS)

    • JavaScript: Primer for Application Security Testing

    • XSS: Overview, How it Works, Types & Analysis | XSSer

    • HTML Injection

  • 9

    Module#8: Web Services & APIs

    • About Web Services & Testing Requirements

    • JSON & AJAX: Usage & Features

    • Web attacks using SOAP queries

  • 10

    Module#9: Web Application Filters and Firewall (WAF)

    • Web Filtering: .NET & ESAPI Filtering Options

    • Web Firewall: Types, Detection & Attack methods

  • 11

    Module#10: Buffer Overflow Attacks

    • Stack & Heap Overflow

    • Format String Vulnerability

F.A.Q.

1. Are there any prerequisites to attend this program?

No, there are no prerequisites to attend the WAST Self-Paced Online sessions. However, it is recommended that candidates have a basic awareness of the Internet and related flaws, and of Software/Application Testing, to understand the concepts easily.

2. When does the Training program start and finish?

You will be provided with 90 Days of content access, delivered in Self-Paced mode. It is up to you when to start and finish within this duration. However, the associated Cert Vouchers will expire after 6 months.

3. How will I receive and use the Discounted ‘WASD’ Exam Voucher?

Your 100% Discounted ‘WASD’ Certificate exam Voucher with 6 months validity will be emailed to you within 48 hrs of your enrollment in this program. This voucher can be used to schedule an exam online at www.pearsonvue.com/hack2secure.

4. This is a Limited Time Program. How will my related queries be resolved?

For any program-related technical or non-technical queries, you will receive a dedicated email ID and the chance to work closely with the H2S Team to get them resolved. Average query response time is 2 working days.

H2S also supports candidates even after program access has expired. However, query response time in this period will be higher.

5. How should I pay for this Program?

You can enroll in this Program by paying the required fees using either your Credit Card or your PayPal Account.

For any concern or query, feel free to write to us at [email protected]. We will be more than happy to help you.