CERTIFIED INTELLIGENT WEB PENETRATION TESTING


DESCRIPTION

An intrusion test assesses the security of an IT infrastructure by safely attempting to exploit vulnerabilities that may exist in operating systems, inappropriate configurations, application errors, or end-user behavior. Intrusion testing checks the effectiveness of security measures and uncovers any potential exploits or backdoors present in computer systems, through which hackers and cybercriminals can gain unauthorized access or carry out malicious activity. In addition, intrusion testing is an advanced tool for detecting, analyzing and implementing protective restrictions on the IT infrastructure in order to mitigate the potential for financial losses generated by malicious activity. By becoming certified in "Intelligent Web Penetration Testing" you will be able to:

  • Identify and analyze the organization's exposure to cybersecurity threats
  • Improve your core cyber security auditing skills
  • Learn the techniques, tools and methods of hacking used by intrusion testers
  • Effectively manage time and resources
  • Obtain international industry recognition as a legal and ethical cybersecurity professional

PREREQUISITES AND TARGETED PUBLIC

  • Anyone responsible for information systems security: CISO, Network and Security Administrator / Engineer, Security Auditor, CIO, Security Technician.
  • To successfully complete this course, students must have experience with Windows and/or UNIX/Linux operating systems, as well as networking and TCP/IP knowledge.

EXAMINATION

The exam consists of a lab containing targets with different configurations and operating systems, and a multiple-choice questionnaire (MCQ). At the beginning of the examination, the student receives exam and connectivity instructions for an isolated exam network of which they have no prior knowledge or exposure. The candidate will demonstrate his or her ability to search the network (information gathering), identify all vulnerabilities and successfully execute attacks. This often includes modifying exploit code in order to compromise the systems, gain access and, above all, find the flag. Exam details:

  • Content: The exam consists of 30 questions and one lab, for a total duration of 2 hours.
  • Mode: MCQ and lab on a machine
  • Duration: 1 hour for the 30 MCQ questions and 1 hour for the lab (challenge)
  • Documents authorized: Yes
  • Supervision of the examination: The examination is supervised by 2 persons: a supervisor from Intelligent Security IT and an external supervisor (ANSI, security expert, CISO, etc.).
  • Successful completion: 60% on the MCQ and finding the lab flag.
  • Result of the examination: The result is announced immediately after the end of the examination (after the 2 hours).

LANGUAGE OF TRAINING

  • Language: French
  • Course materials: French

DURATION

3 days from 9am to 6pm

PERIOD

Examination is scheduled at the end of the third day (from 4:00pm to 6:00pm)

TRAINING PROGRAM

  • 1. Introduction to "Penetration Testing"
  • 2. Basic Windows Command
  • 3. Basic Linux Command
  • 4. SQL Injection Login Bypass (Tools : None)
  • 5. SQL Injection String (Tools : Sqlmap)
  • 6. SQL Injection Blind (Tools : Python Script)
  • 7. Command Execution (Tools : netcat, Commix)
  • 8. Password Attack GET Method (Tools : Hydra, Python Script, BurpSuite)
  • 9. Password Attack POST Method (Tools : Hydra, Python Script, BurpSuite)
  • 10. HTTP Verb Tampering (Tools : Live HTTP Headers (Firefox Add-on), Curl)
  • 11. Unvalidated Redirects and Forwards (Tools : NoRedirect (Firefox Add-on), Curl)
  • 12. Upload (Tools : None)
  • 13. Upload Filtered (Tools : Tamper Data (Firefox Add-on))
  • 14. PHP Loose Comparisons (Tools : Acunetix, Dirb, Tamper Data (Firefox Add-on))
  • 15. Time Attack (Tools : Python Script)
  • 16. XSS Reflected (Tools : None)
  • 17. XSS Stored (Tools : OWASP Xenotix XSS Exploit Framework)
  • 18. XSS Stored Filtered (Tools : BurpSuite)
  • 19. LFI (Tools : None)
  • 20. RFI (Tools : Apache, fimap)
  • 21. CSRF Attack (Tools : None)

Do not hesitate to contact our experts for any additional information, a study, or a free quote for an audit service.