An intrusion test consists of evaluating the security of an IT infrastructure by attempting to safely exploit any vulnerabilities that may exist in operating systems, application errors, or end-user behavior. The intrusion test is an attempt to test the effectiveness of security measures and to discover any potential exploit or backdoor that may be present in computer systems: thanks to which hackers and cybercriminals can obtain an unauthorized access or an activity malicious.
In particular, the objectives of the training are:
• Identify vulnerabilities and carry out attacks
• Exercise security functions in responsible information systems.
• Code : C-WAST
• Duration : 3 Days
• schedule : 8h30 - 17h30
• place : training center, Center Urbain Nord
>
• Course materials
• 40% demonstration
• 40% of theory
• 20% practical exercises
• Introduction to the intrusion test
• Basic windows command
• Basic Linux command
• Workaround of login by SQL injection
• SQL Injection Chain, sqlmap
• SQL blind injection, Python script
• Running the nectat command, commix
• Password attack method to get. Tool: Hydra, Python Script, BurpSuite.
• POST Attack method, password. Tool: Hydra, Python Script, BurpSuite.
• Alterations of the verbs http. Tool: Live http Header, complementary to firefox, curl.
• Redirection and uncommitted transfers. Tool: NoRedirect, firefox add-on, curl.
• Upload
• Upload Filtred. Tools: Sabotage Data
• Comparison of PHP in bulk. Tool: Qcunetix, Dirb, Tamper Data; Firefox Addon.
• Time Attack
• XSS Reflected
• XXS stored, tool: XWotP Xenotix OWASP exploit framework
• XXS stored filtee tool: BurpSuite
• LFI
• RFI, tools: Apache, fimap
• CSRF Attack
• The exam will take place in the training center, Northern Urban Zone.
• Exam Title: ECSAv10
• Exam format: QCM and LAB on machine
• Number of questions: 30 QCM
• Duration: 1 hour for multiple choice, 1 hour for LAB
• Language: French
• Required score: 60%
Do not hesitate to contact our experts for any additional information, study and free calculation of an audit service.