Penetration Testing Training Course

Gain practical experience of analysing and hardening your software applications and APIs against external threat

Standard duration: 2 Days
Email course link

Customise this course for your team

We can tailor your syllabus to take into account your group's current skills, technology stack, and specific learning goals - as part of a wider training programme or as a standalone workshop.

Enquire now to find out about our cost-effective options:

"I felt I learned a lot in short period. Real-world experience from the instructor was a major plus. Many thanks!"

PCI DSS Training Course - Secure Software Development
DV, Developer
JATO

"We particularly enjoyed Stuart's anecdotes and stories which gave context to the topics discussed."

PCI DSS Training Course - Secure Software Development
RT, Developer
JATO

"Stuart gave a great presentation and the training was highly thought-provoking. "

Web App Security and OWASP 2021 Training Course
RJ, Business Analyst
Jato

"The charismatic trainer kept the audience's attention."

Web App Security and OWASP 2021 Training Course
JW, Business Analyst
Jato

"Trainer was great. Good examples to situations provided."

Web App Security and OWASP 2021 Training Course
NM, Testing Lead
UK GIS specialist - name withheld

About the course:

Our instructor-led Penetration Testing (aka Pen Testing) training course will give you practical skills and ethical hacking techniques to analyse and plan to address vulnerabilities in network-facing applications.

We will introduce you to scanning tools, walk you through best practices for fortifying against and mitigating against threat, and reporting security issues within your organisation.

We're happy to offer this instructor-led pen-testing training online; in-person at our London training centre, or at your location of choice. Please get in touch to find out about flexible options to suit your team.

Trusted by:

In a nutshell Who should attend Flexible training Course Syllabus

Learning outcomes

Why carry out Penetration testing?
What is Ethical Hacking?
Pen Testing Fundamentals
Recon & Analysis
Application Logic
Access Handling
Input Handling
Application Hosting
Other security testing disciplines
Information leakage

Who should attend

Web Developers, Testers, Software Architects, Development Managers, Technical QA Managers and anyone interested in moving into a cyber security or information security role.

Prerequisites

There are no pre-requisite skills needed for this training but some experience of software development or scripting in a language such as Java, C#, VB.NET, PHP, JavaScript, or Python would be useful.

Live, instructor-led online and on-site training

We appreciate that you need flexibility to fit in with new working situations - whether you're an individual, part of a distributed team, or simply have projects and deadlines to meet.

Our remote training can take place online in a virtual classroom, with content split into modules to accommodate your scheduling challenges and meet your learning goals. Get in touch today to find out how we can help design a cost-effective, flexible training solution.

Web Application Penetration Testing with OWASP 2021

This is a fundamentals course for those interested in finding out how to start analysing and penetration testing a web application.

Engagement

In this section we learn how to ensure that boundaries of the testing are properly organised, permissions are obtained, and the scope of the testing engagement notified.

Identifying Targets and Users

How do attackers know who the users of a website are? How easy is it to push the website to disclose sensitive information. In this session we use OSINT (Open Source Intelligence) tooling to attempt to gain an understanding of the public profile of the application and its users.

Footprint and Discovery

Before any effective testing can take place it is important to understand the environment the application is hosted on and in. The web application should be analysed to identify structure and content, the results analysed and the application scanned.

User Controls, Authentication and Session

After analysing the web application’s login options we will begin to use our toolset to bypass login controls, brute force access and manipulate sessions and cookies.

Automating Attacks on Databases, Encrypted and Hashed Resources

Learn how to use tools to crack encrypted and hashed passwords and other secured resources, and find Database vulnerabilities in the application’s data stores.

Input Validation

The weakest part of any application is its need to accept data input. We will attempt to identify vulnerabilities in an application by intercepting and manipulating data, using fuzzing techniques and other attempts to identify weaknesses.

Hosting Vulnerabilities

In this session we will look to see what the most common vulnerabilities are in hosted environments and how to identify them.

Public Courses Dates and Rates

Standard duration: 2 Days

Please get in touch for pricing and availability.

Interested in this course?

If you want to explore how you can tailor this course for your organisation, want to sign up for our newsletter, or have any other questions then please speak to us on 020 3137 3920 or get in touch using this form.

This form requires javaScript to work, please email us at webenquiries@frameworktraining.co.uk if you do not have it enabled.

Get in touch

We use cookies on our website to provide you with the best user experience. If you're happy with this please continue to use the site as normal.
For more information please see our Privacy Policy.

I understand

Ready to take your skills to the next level?