Web Application Security Testing (WAHS) Training

EC-Council's Web Application Hacking and Security certification is a specialized program designed to equip individuals with the skills necessary to test, hack, and secure web applications against various security threats. This certification is particularly important as web applications have become an integral part of modern business operations, and the security of these applications is paramount.

The challenges in this certification are derived from EC-Council's engaging iLab environments, ranging from the Certified Ethical Hacker (C|EH) to the Certified Penetration Testing Professional (C|PENT), and from the Certified Application Security Engineer (C|ASE) .Net to Java. As individuals advance through each problem, they will encounter increasingly difficult scenarios, challenging them to grow and develop their skills.

Web Application Hacking and Security is similar to a Capture-The-Flag (CTF) competition, meant to test an individual's hacking skills. However, unlike traditional CTFs, individuals can continue to try until they achieve their goal. Participants have the option to work alone to solve complex problems or follow the instructor's guidance as they do a walkthrough to learn more about Web Application Hacking and Security.

By completing this certification, individuals will gain a comprehensive understanding of web application security and the ability to apply this knowledge to real-world situations. They will also have the skills necessary to identify and mitigate various security threats, making them valuable assets to any organization that relies on web applications.

Course content

• Advanced Web Application Penetration Testing
• Advanced SQL Injection (SQLi)
• Reflected, Stored and DOM-based Cross Site Scripting (XSS)
• Cross Site Request Forgery (CSRF) – GET and POST Methods
• Server-Side Request Forgery (SSRF)
• Security Misconfigurations
• Directory Browsing/Bruteforcing
• Network Scanning
• Auth Bypass
• Web App Enumeration
• Dictionary Attack
• Insecure Direct Object Reference Prevention (IDOR)
• Broken Access Control
• Local File Inclusion (LFI)
• Remote File Inclusion (RFI)
• Arbitrary File Download
• Arbitrary File Upload
• Using Components with Known Vulnerabilities
• Command Injection
• Remote Code Execution
• File Tampering
• Privilege Escalation
• Log Poisoning
• Weak SSL Ciphers
• Cookie Modification
• Source Code Analysis
• HTTP Header modification
• Session Fixation
• Clickjacking