Course:Advanced Web Application Security (AWAE)

Duration: 45 Hours


About this course:

         The Advanced Web Application Security (AWAE) is the certification for our Penetration Testing with Kali Linux training course and is the world’s first completely hands-on offensive information security certification. The OSCP challenges the students to prove they have a clear and practical understanding of the penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam.

         An AWAE trained professional has demonstrated his ability to be presented with an unknown network, enumerate the targets within their scope, exploit them, and clearly document their results in a penetration test report.


Target Audience:

          » Network server administrators, Firewall Administrators, Information Security Testers, System Administrators and Risk Assessment professionals.

          » Pen testers.


Prerequisites:

                  There are no prerequisites although it would be extremely valuable to know web application vulnerabilities, knowledge of attack techniques, lateral movement, continuous monitoring and penetration testing.

OSCP certified professionals will be able to:


          1) Use multiple information gathering techniques to identify and enumerate targets running various operating systems and services.

          2) Write basic scripts and tools to aid in the penetration testing process.

          3) Analyze, correct, modify, cross-compile, and port public exploit code.

          4) Successfully conduct both remote and client-side attacks.

          5) Identify and exploit XSS, SQL injection, and file inclusion vulnerabilities in web applications.

          6) Deploy tunneling techniques to bypass firewalls.

          7) Demonstrate creative problem solving and lateral thinking.


Course Outline:

          » Metasploitable 2 enumeration

          » Metasploitable 2 vulnerability assessment

          » Exploiting VSFTPD v2.3.4 on Metasploitable 2

          » Hacking Unreal IRCd 3.2.8.1 on Metasploitable 2

          » Hacking dRuby RMI Server 1.8

          » Buffer overflow explained: The basics

          » Hacking with Netcat part 2: Bind and reverse shells

          » Mingw-w64: How to compile Windows exploits on Kali Linux

          » Windows Privilege Escalation

          » Linux Privilege Escalation

     1)  Indicators of Compromise :

           Why is Security Important?

           Security Policy

           Threat Actor Types

           The Kill Chain

           Social Engineering

           Phishing

           Malware Types

           Trojans and Spyware

           Open Source Intelligence

           Labs:

              VM Orientation

              Malware Types


     2)  Critical Security Controls :

           Security Control Types

           Defense in Depth

           Frameworks and Compliance

           Vulnerability Assessments and Pen tests

           Security Assessment Techniques

           Pen Testing Concepts

           Vulnerability Scanning Concepts

           Exploit Frameworks

           Labs:

                  Using Vulnerability Assessment Tools


     3)  Security Posture Assessment Tools :

           Topology Discovery

           Service Discovery

           Packet Capture & Packet Capture Tools

           Remote Access Trojans

           Honeypots and Honey nets

           Labs:

                  Using Network Scanning Tools 1

                  Using Network Scanning Tools 2

                  Using Steganography Tools


     4)  Incident Response :

           Incident Response Procedures

           Preparation Phase

           Identification Phase

           Containment Phase

           Eradication and Recovery Phases


Module 2 / Identity and Access Management

     1)  Cryptography :

           Uses of Cryptography

           Cryptographic Terminology and Ciphers

           Cryptographic Products

           Hashing Algorithms

           Symmetric Algorithms

           Asymmetric Algorithms

           Diffie-Hellman and Elliptic Curve

           Transport Encryption

           Cryptographic Attacks

           Labs:

              Implementing Public Key Infrastructure


     2)  Public Key Infrastructure :

           PKI Standards

           Digital Certificates

           Certificate Authorities

           Types of Certificate

           Implementing PKI

           Storing and Distributing Keys

           Key Status and Revocation

           PKI Trust Models

           PGP / GPG

           Labs:

              Deploying Certificates and Implementing Key Recovery


     3)  Identification and Authentication :

           Access Control Systems

           Identification

           Authentication

           LAN Manager / NTL

           Kerberos

           PAP, CHAP, and MS-CHAP

           Password Attacks

           Token-based Authentication

           Biometric Authentication

           Common Access Card

           Labs:

              Using Password Cracking Tools


     4)  Identity and Access Services :

           Authorization

           Directory Services

           RADIUS and TACACS+

           Federation and Trusts

           Federated Identity Protocols


     5)  Account Management :

           Formal Access Control Models

           Account Types

           Windows Active Directory

           Creating and Managing Accounts

           Account Policy Enforcement

           Credential Management Policies

           Account Restrictions

           Accounting and Auditing

           Labs:

              Using Account Management Tools


Module 3 / Architecture and Design (1)

     1)  Secure Network Design :

           Network Zones and Segments

           Sub netting

           Switching Infrastructure

           Switching Attacks and Hardening

           Endpoint Security

           Network Access Control

           Routing Infrastructure

           Network Address Translation

           Software Defined Networking

           Labs:

              Implementing a Secure Network Design


     2)  Firewalls and Load Balancers :

           Basic Firewalls

           Stateful Firewalls

           Implementing a Firewall or Gateway

           Web Application Firewalls

           Proxies and Gateways

           Denial of Service Attacks

           Load Balancers

           Labs:

              Implementing a Firewall


     3)  IDS and SIEM :

           Intrusion Detection Systems

           Configuring IDS

           Log Review and SIEM

           Data Loss Prevention

           Malware and Intrusion Response

           Labs:

              Using an Intrusion Detection System


     4)  Secure Wireless Access :

           Wireless LANs

           WEP and WPA

           Wi-Fi Authentication

           Extensible Authentication Protocol

           Additional Wi-Fi Security Settings

           Wi-Fi Site Security

           Personal Area Networks


     5)  Physical Security Controls :

           Site Layout and Access

           Gateways and Locks

           Alarm Systems

           Surveillance

           Hardware Security

           Environmental Controls


Module 4 / Architecture and Design (2)

     1)  Secure Protocols and Services :

           DHCP Security

           DNS Security

           Network Management Protocols

           HTTP and Web Servers

           SSL / TSL and HTTPS

           Web Security Gateways

           Email Services

           S/MIME

           File Transfer

           Voice and Video Services (VoIP and VTC)

           Labs:

              Implementing Secure Network Addressing Services

              Configuring a Secure Email Service


     2)  Secure Remote Access :

           Remote Access Architecture

           Virtual Private Networks

           IPSec

           Remote Access Servers

           Remote Administration Tools

           Hardening Remote Access Infrastructure

           Embedded Systems

           Security for Embedded Systems

           Labs:

              Implementing a Virtual Private Network


     3)  Secure Systems Design :

           Trusted Computing

           Hardware / Firmware Security

           Peripheral Device Security

           Secure Configurations

           OS Hardening

           Patch Management

           Embedded Systems

           Security for Embedded Systems


     4)  Secure Mobile Device Services :

           Mobile Device Deployments

           Mobile Connection Methods

           Mobile Access Control Systems

           Enforcement and Monitoring


     5)  Secure Virtualization and Cloud Services :

           Virtualization Technologies

           Virtualization Security Best Practices

           Cloud Computing

           Cloud Security Best Practices


Module 5 / Risk Management:

     1)  Forensic :

           Forensic Procedures

           Collecting Evidence

           Capturing System Images

           Handling and Analyzing Evidence

           Labs:

               Using Forensic Tools


     2)  Disaster Recovery and Resiliency :

           Continuity of Operations Plans

           Disaster Recovery Planning

           Resiliency Strategies

           Recovery Sites

           Backup Plans and Policies

           Resiliency and Automation Strategies


     3)  Risk Management :

           Business Impact Analysis

           Identification of Critical Systems

           Risk Assessment

           Risk Mitigation


     4)  Secure Application Development :

           Application Vulnerabilities

           Application Exploits

           Web Browser Exploits

           Secure Application Design

           Secure Coding Concepts

           Auditing Applications

           Secure DevOps

           Labs:

              Identifying a Man-in-the-Browser Attack


     5)  Organizational Security :

           Corporate Security Policy

           Personnel Management Policies

           Interoperability Agreements

           Data Roles

           Data Sensitivity Labeling and Handling

           Data Wiping and Disposal

           Privacy and Employee Conduct Policies

           Security Policy Training


Delivery method: Classroom / Attend from Anywhere