SANS - SEC642 Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques

* How to discover and exploit vulnerabilities in modern web frameworks, technologies, and backends
* Skills to test and exploit specific technologies such as HTTP/2, Web Sockets, and Node.js
* How to evaluate and find vulnerabilities in the many uses of encryption within modern web applications
* Skills to test and evaluate mobile backends and web services used in an enterprise
* Methods to recognize and bypass custom developer, web framework, and Web Application Firewall defenses
You Will Be Able To
* Perform advanced Local File Include (LFI)/Remote File Include (RFI), Blind SQL injection (SQLi), and Cross-Site Scripting (XSS) combined with Cross-Site Request Forger (XSRF) discovery and exploitation
* Exploit advanced vulnerabilities common to most backend language like Mass Assignments, Type Juggling, and Object Serialization
* Perform jаvascript-based injection against ExpressJS, Node.js, and NoSQL
* Understand the special testing methods for content management systems such as SharePoint and WordPress
* Identify and exploit encryption implementations within web applications and frameworks
* Discover XML Entity and XPath vulnerabilities in SOAP or REST web services and other datastores
* Use tools and techniques to work with and exploit HTTP/2 and Web Sockets
* Identify and bypass Web Application Firewalls and application filtering techniques to exploit the system
Homepage
https://www.sans.org/cyber-security-courses/advanced-web-app-penetration-testing-ethical-hacking/