SEC542 enables students to assess a web application's security posture and convincingly demonstrate the business impact should attackers exploit the discovered vulnerabilities. You will practice the art of exploiting web applications to find flaws in your enterprise's web apps. You'll learn about the attacker's tools and methods and, through detailed hands-on exercises, you will learn a best practice process for web application penetration testing, inject SQL into back-end databases to learn how attackers exfiltrate sensitive data, and utilize cross-site scripting attacks to dominate a target infrastructure.
Web applications play a vital role in every modern organization. But if your organization does not properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken impression that a web application security scanner will reliably discover flaws in their systems.
SEC542 helps students move beyond push-button scanning to professional, thorough, high-value web application penetration testing.
Customers expect web applications to provide significant functionality and data access. Even beyond the importance of customer-facing web applications, internal web applications increasingly represent the most commonly used business tools within any organization. Unfortunately, there is no "patch Tuesday" for custom web applications, so major industry studies find that web application flaws play a major role in significant breaches and intrusions. Adversaries increasingly focus on these high-value targets either by directly abusing public-facing applications or by focusing on web apps as targets after an initial break-in.
Modern cyber defense requires a realistic and thorough understanding of web application security issues. Anyone can learn to sling a few web hacks, but effective web application penetration testing requires something deeper.
SEC542 gives novice students the information and skills to become expert penetration testers with practice, and fills in all the foundational gaps for individuals with some penetration testing background.
Ways to Learn
- OnDemand: Study and prepare for GIAC Certification with four months of online access. Includes labs, exercises, and support.
- Live Online: Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.
- In Person (6 days): Training events and topical summits feature presentations and courses in classrooms around the world.
Who should attend SEC542?
- General security practitioners
- Penetration testers
- Ethical hackers
- Web application developers
- Website design