There are various kinds of penetration testing. This course will more specifically focus on Web Application penetration testing. As this is focused towards an entry level audience, the class will be focusing on the most common Web Application vulnerabilities including the OWASP TOP 10 Vulnerabilities.
The course will be between three (3) to four (4) months long including the boot camp at the end of the course and will comprise of twelve (12) modules. The class is paced to ensure that all the students are able to follow and learn at the same time. Students have maximum access to teaching resources so that they may be able to learn and perform their tasks on time. After graduating from this course or for those who are currently working as penetration testers, we have an advanced course that would go more in depth into Web Application Penetration Testing.
Throughout the course, the students will have regular homework and quizzes. The homework will be submitted in a report format, as it is often done in the real world. By this practice, the students will be prepared for the final projects that they have to submit at the end of the course during the boot camp period.
Introduction to Penetration Testing
Cross Site Request Forgery
This course will feature a boot camp at the end of the course combining all the knowledge that the students gained throughout the course. The Boot Camp will be led by a manager, just like the work environment. The manager will assign tasks collect the work from the students. The students will be engaged in the entire assessment cycle, starting from the pre-engagement meeting to the debrief meeting. So, they will have a clear concept of a real-life work environment.
All students will be required to complete at least 2 complete assessments of applications assigned to them by the Boot Camp manager at the end of the course during the month-long boot camp. This will prepare them for the real world and combine all the information that they gained throughout the class, by performing end to end testing of applications.
During the Boot Camp we will do mock interviews and teach how to interpret interview questions. The student will learn how to strategically answer interview questions for any scenarios discussed during the entire course, thereby, wrapping up the whole session and preparing the student for the Application security workforce.
The students will learn how to write professional reports that will help communicate findings to developers, application owners and senior management. The students will be actively writing reports throughout the course for each of their homework. This will help them fine-tune their report writing skills. However, during the bootcamp, the students will be required to submit final project reports that will be a part of their overall class grade. Report writing is always about 20% of the grade for any Penetration Testing certification and it is certainly one of the most important parts in a Penetration Tester’s job.
After each of the modules, the students will be assigned homework. The homework will mostly involve performing test cases for that module. After testing for those vulnerabilities, the students will be required to compile the findings within a report.
The students will have a quiz each week based on the topics that are taught for that week. The quizzes will be mostly multiple-choice questions with some mix and match, multiple answers questions and fill-in-the-blanks. Apart from the weekly quizzes, there will be a mid-term and final exam. The quizzes and exams will help the students revise the modules, understand the “Whats”, “Hows” and “Whys” of the vulnerabilities and prepare them with interview questions as well.