
Web Testing Specialist (CREST WAT)

Our CREST-aligned training for the Certified Web Application Tester (CCWAT) exam is designed for senior security professionals. It aims to give participants the advanced level of knowledge and skills required of an experienced member of a Penetration Testing or Red Team.


This training can be delivered virtually or at our clients’ premises for group bookings only.

Certification

PGI Cyber Academy – Completion Certificate

Aim

By the end of this training, you will have expanded your technical understanding beyond the core concepts of networks and operating systems infrastructure and learnt how to identify and demonstrably exploit vulnerabilities that can occur due to bad practice.

Audience

Practitioner-level cyber security professionals who wish to further develop their security skills in web application penetration testing. Example roles might include:

  • Vulnerability assessors
  • Penetration testers
  • Red team specialists
  • Cyber security specialists
  • Cyber security consultants

Learning outcomes

Upon successful completion of this course, a trainee will be able to confirm the following knowledge:

  • Encryption algorithms, their relative strengths and weaknesses and appropriate selection criteria.
  • Information security considerations for database systems.
  • Systems testing and evaluation methods.
  • Technology that can be exploited.
  • Application firewall concepts and functions.
  • Information security vulnerabilities across a range of industry standard technologies.
  • Encryption cracking tools, password cracking tools and remote access methods.
  • Using and selecting security tools and products.
  • Using the tools and frameworks that are most readily available to hackers seeking to attack the organization.
  • Hacker techniques and tools.

Upon successful completion of this course, a trainee will have gained skills in:

  • Conducting application vulnerability assessments and understanding their results.
  • Recognizing vulnerabilities in security systems.
  • Using code analysis tools effectively.
  • Analyzing an organization’s communication networks through the eyes of an attacker.
  • Developing operations-based testing scenarios.
  • Testing the security of integrated systems.
  • Using tools, techniques, and procedures to remotely exploit and establish persistence on a target.
  • Carrying out attack and defense operations for the purpose of exercises and vulnerability assessment and detection.
  • Developing or recommending analytic approaches in situations where information is incomplete or for which no precedent exists.

Prerequisites

Ideally, five or more years' practical experience in a security testing role, and qualified or training as CRT with at least 12 months’ hands-on penetration testing experience after qualifying as CRT.

Knowledge of:

  • Relevant cyber security aspects of legislative and regulatory requirements, relating to ethics and privacy.
  • Information security authentication, authorisation, and access control methods.
  • Vulnerabilities in applications and their likely impact.
  • System and application security threats and vulnerabilities.
  • National cybersecurity regulations and requirements relevant to their organization.
  • Operating system command-line tools.
  • Penetration testing and red teaming principles, tools, and techniques.
  • Database theory.
  • Web services.
  • Penetration testing principles, techniques, and best practice application.
  • Using operating systems and their toolsets relevant to the systems being tested.
  • File system implementations.
  • Hacker techniques and tools.
  • Web filtering technologies.
  • Website types, administration, functions, and content management systems.
  • Host-based security products and how those products reduce vulnerability to exploitation.
  • How internet communications applications work.
  • N-tiered typologies.

Skills in:

  • Safely and effectively conducting research using the deep web.
  • Assessing the robustness of security systems and designs.
  • The use of penetration testing tools and techniques.
  • Developing insights about an organization’s threat environment.
  • Identifying, modifying, and manipulating applicable operating system components.
  • C, low-level assembly, and Linux kernel.
  • Script-based languages.
  • Identifying a network’s characteristics when viewed through the eyes of an attacker.
  • Identifying cyber threats which may jeopardize the organization or its stakeholders’ interests.
  • Using multiple analytic tools, databases, and techniques.
  • Using multiple search engines and tools in conducting open-source searches.
  • Using network analysis and reconstruction tools and interpreting their results.
  • Monitoring a threat or vulnerability situation and environmental factors.

Syllabus

This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

Day 1

  • Web Testing Tools
  • Refresh on Burp Suite, Sqlmap, DirBuster and OSINT.
  • Mapping out the application, authenticated-only URLs, and the authentication bypass
  • Threats
  • Threat Actors
  • Enumeration Techniques
  • Enumeration of DNS
  • SQL injection refresher
  • Refresh of simple SQL injection and why it works
  • Implications of successful attacks, and discussion of LDAP and XML injection.
  • Cross Site Scripting refresher
  • Refresh of stored/reflected XSS and why it works

Day 2

  • Encryption
  • Encryption methods and best practice
  • Identification and exploitation of Encoded values
  • Identification and exploitation of Cryptographic values
  • File Inclusion vulnerability
  • Local File Inclusion
  • Remote File Inclusion
  • File Upload
  • File upload filters and methods
  • Command Injection
  • Command injection examples and vulnerabilities

Day 3

  • Web Application Firewalls
  • Session Management
  • Session management best practice
  • Advanced Cross Site Scripting
  • XSS payloads to avoid security
  • Advanced SQL injection
  • How to conduct SQL with increased security
  • Knowledge of common attack vectors for Microsoft SQL Server, and privilege escalation methods.
  • Derivation of version and patch information from hosts running Oracle software.
  • Connection and authentication methods used by web applications and common databases.

Day 4

  • Thick Client
  • Analysis methods for thick client applications
  • WebDAV
  • Introduction to WebDAV
  • Benefits of performing application reconnaissance.
  • Discovering the structure of web applications.
  • Methods to identify the use of application components
  • Types of information available in web page source that may prove useful to an attacker
  • Reporting
  • API
  • Live vs Dev Applications

Day 5

  • Exam Preparation