0345 4506120

CREST Certified Tester - App

The CREST Certified Web Application Tester course will tailor the candidate’s ability to find vulnerabilities in bespoke web applications as CREST Certified Tester – App. The course uses specially designed applications running on a variety of web application platforms and now covers a wider scope than purely traditional web applications to include more recent advances in the field of web application technology and security.

Target Audience

Candidtes holding CREST Registered Tester certification

Who should attend

This training is only intended for individuals preparing for the CCT-A certification exam.

Learning Objectives

The candidate will be expected to demonstrate that they are able to find a range of security flaws and vulnerabilities, including proving the ability to exploit and leverage the flaws to ascertain the impact of the issues found.

Pre-Requisites

CREST Practitioner Security Analyst (CPSA)

CREST Registered Tester (C-RT)

Course Content

Soft Skills and Assessment Management

  • Engagement Lifecycle
  • Law & Compliance
  • Scoping
  • Understanding, Explaining and Managing Risk
  • Record Keeping, Interim Reporting & Final Results

Core Technical Skills

  • IP Protocols
  • Network Architecture
  • Network Routing
  • Network Mapping & Target Identification
  • Interpreting Tool Output
  • Filtering Avoidance Techniques
  • Packet Crafting
  • OS Fingerprinting
  • Application fingerprinting and Evaluating Unknown Services
  • Network Access Control Analysis
  • Cryptography
  • Applications of Cryptography
  • File System Permissions
  • Audit Techniques

Background Information Gathering & Open Source

  • Registration Records
  • Domain Name Server (DNS)
  • Customer Web Site Analysis
  • Google Hacking and Web Enumeration
  • NNTP Newsgroups and Mailing Lists
  • Information Leakage from Mail & News Headers

Networking Equipment

  • Management Protocols
  • Network Traffic Analysis
  • Networking Protocols
  • IPSec
  • VoIP
  • Wireless
  • Configuration Analysis

Microsoft Windows Security Assessment

  • Domain Reconnaissance
  • User Enumeration
  • Active Directory
  • Windows Passwords
  • Windows Vulnerabilities
  • Windows Patch Management strategies
  • Desktop Lockdown
  • Exchange
  • Common Windows Applications

Unix Security Assessment

  • User enumeration
  • Unix Vulnerabilities
  • FTP
  • Sendmail / SMTP
  • Network File System (NFS)
  • R* services
  • X11
  • RPC services
  • SSH

Web Technologies

  • Web Server Operation
  • Web Servers & their Flaws
  • Web Enterprise Architectures
  • Web Protocols
  • Web Mark-up Languages
  • Web Programming Languages
  • Web Application Servers
  • Web APIs
  • Web Sub-Components

Web Testing Methodologies

  • Web Application Reconnaissance
  • Threat Modelling and Attack Vectors
  • Information Gathering from Web Mark-up
  • Authentication Mechanisms
  • Authorisation Mechanisms
  • Input Validation
  • Application Fuzzing
  • Information Disclosure in Error Messages
  • Use of Cross Site Scripting Attacks
  • Use of Injection Attacks
  • Session Handling
  • Encryption
  • Source Code Review

Web Testing Techniques

  • Web Site Structure Discovery
  • Cross Site Scripting Attacks
  • SQL Injection
  • Session ID Attacks
  • Fuzzing
  • Parameter Manipulation
  • Data Confidentiality & Integrity
  • Discovery Traversal
  • File Uploads
  • Code Injection
  • CRLF Attacks
  • Application Logic Flaws

Databases

  • Microsoft SQL Server
  • Oracle RDBMS
  • Web / App/ Database Connectivity

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the requested service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.

 

Virtual Classroom

Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accomodation. Please note that virtual courses are attended in real-time, commencing on a specified date.

Virtual Course Dates

Our Customers Include