Select course by Certification/Exam Body or by Topic Below

CREST Certified Tester – App

The CREST Certified Web Application Tester course will tailor the candidate’s ability to find vulnerabilities in bespoke web applications as CREST Certified Tester – App. The course uses specially designed applications running on a variety of web application platforms and now covers a wider scope than purely traditional web applications to include more recent advances in the field of web application technology and security.

Objectives

The candidate will be expected to demonstrate that they are able to find a range of security flaws and vulnerabilities, including proving the ability to exploit and leverage the flaws to ascertain the impact of the issues found.

Target Audience

Candidtes holding CREST Registered Tester certification

   11000+ Trained Globally- including FTSE 250
   Classroom based small, highly interactive sessions.
   Widest range of Cyber courses – Select on your exact needs.
   The best content developed by qualified professionals.
   Great value – Exceptional quality at a great price.
ISACA
EC-Council
British Computer Society
PECB
CREST

Book Your Course

Not sure which course is right for you?

Call us on 020 8840 4496 and we’ll help you try and find the best course for you.

DateLocationPriceCourse Booking
February 25-01, 2019London-EalingClick here -->
May 13-17, 2019London-EalingClick here -->
Sept 23-27, 2019London-EalingClick here -->
Dec 16-20, 2019London-EalingClick here -->

Email us for best price!

Course Syllabus

Soft Skills and Assessment Management

  • Engagement Lifecycle
  • Law & Compliance
  • Scoping
  • Understanding, Explaining and Managing Risk
  • Record Keeping, Interim Reporting & Final Results

Core Technical Skills

  • IP Protocols
  • Network Architecture
  • Network Routing
  • Network Mapping & Target Identification
  • Interpreting Tool Output
  • Filtering Avoidance Techniques
  • Packet Crafting
  • OS Fingerprinting
  • Application fingerprinting and Evaluating Unknown Services
  • Network Access Control Analysis
  • Cryptography
  • Applications of Cryptography
  • File System Permissions
  • Audit Techniques

Background Information Gathering & Open Source

  • Registration Records
  • Domain Name Server (DNS)
  • Customer Web Site Analysis
  • Google Hacking and Web Enumeration
  • NNTP Newsgroups and Mailing Lists
  • Information Leakage from Mail & News Headers

Networking Equipment

  • Management Protocols
  • Network Traffic Analysis
  • Networking Protocols
  • IPSec
  • VoIP
  • Wireless
  • Configuration Analysis

Microsoft Windows Security Assessment

  • Domain Reconnaissance
  • User Enumeration
  • Active Directory
  • Windows Passwords
  • Windows Vulnerabilities
  • Windows Patch Management strategies
  • Desktop Lockdown
  • Exchange
  • Common Windows Applications

Unix Security Assessment

  • User enumeration
  • Unix Vulnerabilities
  • FTP
  • Sendmail / SMTP
  • Network File System (NFS)
  • R* services
  • X11
  • RPC services
  • SSH

Web Technologies

  • Web Server Operation
  • Web Servers & their Flaws
  • Web Enterprise Architectures
  • Web Protocols
  • Web Mark-up Languages
  • Web Programming Languages
  • Web Application Servers
  • Web APIs
  • Web Sub-Components

Web Testing Methodologies

  • Web Application Reconnaissance
  • Threat Modelling and Attack Vectors
  • Information Gathering from Web Mark-up
  • Authentication Mechanisms
  • Authorisation Mechanisms
  • Input Validation
  • Application Fuzzing
  • Information Disclosure in Error Messages
  • Use of Cross Site Scripting Attacks
  • Use of Injection Attacks
  • Session Handling
  • Encryption
  • Source Code Review

Web Testing Techniques

  • Web Site Structure Discovery
  • Cross Site Scripting Attacks
  • SQL Injection
  • Session ID Attacks
  • Fuzzing
  • Parameter Manipulation
  • Data Confidentiality & Integrity
  • Discovery Traversal
  • File Uploads
  • Code Injection
  • CRLF Attacks
  • Application Logic Flaws

Databases

  • Microsoft SQL Server
  • Oracle RDBMS
  • Web / App/ Database Connectivity

These course will interest you too!

C-RPT

CREST Registered Tester

CLFE Boot Camp

Certified Lead Forensics Examiner

WebApp Boot Camp

Web Application Security

Additional Information

Prerequisites

CPSA, CRT

Who should attend

This training is only intended for individuals preparing for the CCT-A certification exam.

We Accept

CREST Certified Tester – App

Course List

NOTE: The materials for the CEH classes have been developed specifically for NST and are not endorsed, sponsored or delivered by EC-Council. The goal of the course is to prepare security professionals for the CEH exam. NST is not a partner of the EC-Council CISSP® is a registered trademark of (ISC)2®
CEH® are EC Council registered trademarks