Web-based applications are the most significant security exposure your organization faces.

Labs in this category focus on detecting and understanding vulnerabilities in your web-based applications—penetration testing for the web. These vulnerabilities can be the result of risky coding practices, configuration problems, or newly discovered vulnerabilities in supporting software or frameworks. These labs use multiple tools to examine web application servers using a "black box" approach, without access to source code.

 

Questions about which lab is right for you? Contact cyrin@atcorp.com.

Students will use the OWASP program’s ZAP tool suite from within Kali Linux to scan multiple web services and document vulnerabilities. Students will see ZAP in action on a vulnerable web site where entire database tables are available to potential attackers.

Prerequisites
  • Basic web application knowledge (HTTP, URL parameters, etc.)
  • Basic networking concepts (TCP/IP, DNS, etc.)

Expected Duration

2 hours, self-paced. Pause and continue at any time.

2 CPEs awarded on successful completion.

Cost

This lab is available free of charge for 30 days.

Regular enrollment: $79 for 6 months of access. Free if you are a subscriber to any package that includes this lab.


This lab is also available as part of the CYRIN Web Application Security Analysis Package as well as the CYRIN Cyber Range All Access Package.

Students will use the Nikto tool to test web services over the network and document vulnerabilities. Students will then use network packet capture tools such as Wireshark to verify their understanding of the vulnerabilities and testing procedures.

Prerequisites
  • Basic web application knowledge (HTTP, URL parameters, etc.)
  • Basic networking concepts (TCP/IP, DNS, etc.)

Expected Duration

2 hours, self-paced. Pause and continue at any time.

2 CPEs awarded on successful completion.

Cost

$79 for 6 months of access. Free if you are a subscriber to any package that includes this lab.


This lab is also available as part of the CYRIN Web Application Security Analysis Package as well as the CYRIN Cyber Range All Access Package.

Students will use the Vega scanning tool, within a graphical Kali Linux environment, to test web services over the network and document vulnerabilities. Students will then use network packet capture tools such as Wireshark to verify their understanding of the vulnerabilities and testing procedures.

Prerequisites
  • Basic web application knowledge (HTTP, URL parameters, etc.)
  • Basic networking concepts (TCP/IP, DNS, etc.)

Expected Duration

2 hours, self-paced. Pause and continue at any time.

2 CPEs awarded on successful completion.

Cost

$79 for 6 months of access. Free if you are a subscriber to any package that includes this lab.


This lab is also available as part of the CYRIN Web Application Security Analysis Package as well as the CYRIN Cyber Range All Access Package.

Burp Suite is an industry-standard suite of tools used by information security professionals for testing web application security. Its tools work together to support the entire testing process, from initial mapping and analysis of an application's attack surface through to finding and exploiting security vulnerabilities.

Students learn to use Burp tools to find security vulnerabilities in a web application. They will discover the application is vulnerable to cross-site scripting (XSS) attacks and will learn how to exploit the vulnerability to steal user credentials.

Prerequisites

Basic web application knowledge (HTTP, URL parameters, etc.).

Expected Duration

2 hours, self-paced. Pause and continue at any time.

2 CPEs awarded on successful completion.

Cost

$79 for 6 months of access. Free if you are a subscriber to any package that includes this lab.


This lab is also available as part of the CYRIN Web Application Security Analysis Package as well as the CYRIN Cyber Range All Access Package.

Students will learn how to detect and exploit SQL injection vulnerabilities. By using several SQL injection techniques, students will gather information about a remote database, such as its operating system, database type, table names, and table contents. Students will then use sqlmap, a tool for SQL injection, to automate this process.

Prerequisites
  • Familiarity with the Unix/Linux command line
  • Basic knowledge of SQL queries

Expected Duration

2 hours, self-paced. Pause and continue at any time.

2 CPEs awarded on successful completion.

Cost

$79 for 6 months of access. Free if you are a subscriber to any package that includes this lab.


The course is also available as part of the CYRIN Web Application Security Analysis Package as well as the CYRIN Cyber Range All Access Package.