> Checkpoint Certification > CCPE-AW - Certification
Course Description
Learn advanced hacking techniques that compromise web apps, APIs, and associated end-points. The class focuses on server-side flaws. The vulnerabilities we present usually go undetected by modern scanners.
Course Details
Learn How to
- Gain practical experience with tools that will serve you in the future
- Learn core infrastructure techniques
- Go forward into more advanced infrastructure topics
How you will Benefit
- If you work in the security industry of modern web applications, you will benefit from this class. This is not a beginner class. To gain the maximum value from the topics being explored, attendees should have a strong understanding of the OWASP top 10 issues.
Course Details
1. Introduction
- Lab setup and architecture overview
- Burp Suite features recap
2. Attacking Authentication and Single Sign On (SSO)
- Token hijacking attacks
- Logical bypass/boundary conditions
- Bypassing 2-Factor Authentication (2FA)
- Authentication bypass using subdomain takeover
- JSON Web Token (JWT) and JSON Web Signature (JWS) attacks
- Security Assertion Markup Language (SAML) authorization bypass
- Open Authorization (OAuth) issues
3. Password Reset Attacks
- Session poisoning
- Host header validation bypass
- Case study: common password reset fails
- Mass assignment
- Invite/promo code bypass
- Replay attack
- API authorization bypass
- HTTP Parameter Pollution (HPP)
4. Extensible Markup Language (XML) External Entity (XXE) Attack
- XXE basics
- Advanced XXE exploitation over out-of-band (OOB) channels
- XXE through SAML
- XXE in file parsing
- Known plaintext attack (faulty password reset)
- Padding oracle attack
- Hash length extension attacks
- Auth bypass using .NET machine key
- Exploiting padding oracles with fixed initialization vectors (IVs)
- ECDSA nonce reuse attack
5. Remote Code Execution (RCE)
- Java deserialization attack- Binary- XML- Serial Version UID mismatch
- .Net deserialization attack
- PHP deserialization attack
- Python deserialization attack
- Server-side template injection
- Exploiting code injection over OOB channels
6. SQL Injection (SQLi) Masterclass
- Second-order injection
- OOB exploitation
- SQLi through cryptography
- OS code execution via PowerShell
- Advanced topics in SQLi
- Advanced SQLMap usage and web application firewall (WAF) bypass
- Malicious file extensions
- Circumventing file validation checks
- Exploiting hardened web servers
- SQLi via file metadata
- SSRF to query internal network
- SSRF to exploit templates and extensions
- SSRF filter bypass techniques
7. Attacking the Cloud
- SSRF exploitation
- Serverless exploitation
- Google Dorking in the cloud era
- Cognito misconfiguration to data exfiltration
- Post-exploitation techniques on cloud-hosted applications
- Case studies: SSRF to RCE in containers- SSRF to Amazon Elastic Compute Cloud (EC2) takeover- AWS credentials Leaked (Netflix, TD Bank)
- Identifying and attacking various CMS
- Attacking hardened WordPress, Joomla, and Microsoft SharePoint
- Web cache deception attack
- Web cache poisoning attack- Web cache poisoning in Drupal 8
- Unicode normalization attacks
- Second order insecure direct object references (IDOR) attack
- Exploiting misconfigured code control systems
- Pentesting GraphQL- Introspection based attacks on GraphQL
- HTTP desync attack
| Fees Structure : | 22500 INR / 270 USD |
| Total No of Class : | 61 Video Class |
| Class Duration : | 49:30 Working Hours |
| Download Feature : | Download Avalable |
| Technical Support : | Call / Whatsapp : +91 8680961847 |
| Working Hours : | Monday to Firday 9 AM to 6 PM |
| Payment Mode : | Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay) |
| Fees Structure : | 30500 INR / 365 USD |
| Class Duration : | 60 Days |
| Class Recording : | Live Class Recording available |
| Class Time : | Monday to Firday 1.5 hours per day / Weekend 3 Hours per day |
| Technical Support : | Call / Whatsapp : +91 8680961847 |
| Working Hours : | Monday to Firday 9 AM to 6 PM |
| Payment Mode : | Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay) |
