Web application security masterclass

KPMG’s web application security masterclass provides an inside view of a pen-tester’s mindset. Learn how to break into your system in order to know how to improve its security. KPMG’s cyber experts showcase what they have learned in private and public sector organisations.

Fee of the training course

€1,299 + VAT

32 academic hours

4 days of classroom training and practical work

Location

KPMG Estonia training rooms, Ahtri 4, Tallinn

Participants

Up to 15 participants

Language 

The training course and study materials are in English.

Course details

The course focuses on client-side and server-side attacks, combining theory with practical exercises. Participants will learn how to identify, exploit and defend against the most common web application vulnerabilities (e.g. XSS, SQL injection, CSRF, data breaches, SSTI).

We will look at case studies and discuss motivations and mindset, attack vectors, countermeasures, best practices, tools and methodologies.

Course materials will be distributed to participants. At the end of the course, participants will receive a course completion certificate signed by KPMG.

During the course, participants will need to use their own laptop (with VPN capability). Please contact us if you do not have a suitable computer for the course.

Required prior knowledge: understanding technical text in English to use the materials.

The training will take place in the training rooms of KPMG Baltics OÜ at the Forum business centre in Tallinn (Narva mnt 5).

Instructions (room number, floor, parking, etc.) will be provided after registration.

In the event of COVID-19 related restrictions, the course will take place online / in the form of a hybrid course or on other dates.

TRAINING COURSE AGENDA

Day 1

Client-side attacks 1

  • Gathering information and overview of configuration
  • Client-side injection attacks: XSS, HTML injection attack and JavaScript injection attack

Day 2

Client-side attacks 2

  • Client-side tampering attacks: URL and cookie tampering
  • Session attacks: session hijacking, session fixation, CSRF
  • Add-ons, plug-ins, extensions and third-party content
  • Combining different types of attacks

Day 3

Server-side attacks 1

  • Authentication and authorisation attacks
  • Manipulation of business logic
  • Google hacking
  • Overview of underlying infrastructure configuration
  • Server-side template injection attack

Day 4

Server-side attacks 2

  • Injection attacks: command injection, XXE, SQL injection
  • Attacks related to file management, file inclusion and uploads

Trainers

Jagjit Singh

Jagjit joined KPMG in 2021. He holds OSCP and CISSP certifications and has solid knowledge of cyber security risks, threats, best practices and preventive measures.

Rajith Jayasekara

Rajith joined KPMG in 2020. Before that, he worked as an information security engineer at TechCERT. He is certified as a Secure Software Development Lifecycle Professional (CSSLP) and is also an OCI Certified Associate.

Trainers’ certificates

NATO CSP

CISSP

A+

CISM

CCNA

GWAPT

CEH

GSEC

Learning outcomes

By completing the training:

  • you will understand the principles of how the web works and the challenges associated with web applications
  • you will gain insight into the tools, techniques and methodologies used for testing web applications
  • you will be able to detect and exploit vulnerabilities in modern web frameworks and technologies
  • you will be able to analyse the results of automated web testing tools to confirm them, eliminate false positives and evaluate the impact on the company
  • you will get an overview of the web sources that you can use for practicing and enhancing your web application hacking skills


Provide a safe and sustainable business environment for your company. We help build a resilient and reliable digital landscape, even in the face of changing threats.

KPMG Baltics OÜ

+372 626 8700
cyber@kpmg.ee
Ahtri 4, 10151 Tallinn, Estonia

Analysis of employee awareness

Analysis of employee awareness focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.

Threat assessment

Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.

Maturity assessment

Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.
