CSTP Ethical Hacking: Hands-On 2 Training Course - In Cambridge CB22

In this 2-day practical ethical hacking course, you will build on the knowledge gained in CSTA Ethical Hacking: Hands-on, using the frameworks & tools used by professional penetration testers to: audit & compromise system security, assess weaknesses in web applications, hijack sessions to steal users' online identities and more.

Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Security Testing Professional (CSTP) qualification.

This is a practical, hands-on course where delegates are encouraged to experiment, discuss and explore.

The course builds on the techniques learnt in the CSTA Ethical Hacking: Hands-On course, allowing delegates to gain comprehensive practical experience of the penetration testing tools used within the industry

Available dates

Who is this course suitable for?

What does this course cover?

The course introduces delegates to commercial penetration testing software and exploitation frameworks commonly used by professionals to optimise the penetration testing process.

Delegates also explore the exploitation and security auditing of web applications. Web application vulnerabilities can pose serious problems to an organisation’s security. Many do not realise how much control an attacker can gain over an entire corporate network via a simple flaw in the security of a public facing web application.

The CSTP and CSTP+ qualifications command industry recognition and the latter forms part of a ground-breaking Masters-level education programme.

During the course, you will learn:

• Metasploit’s Meterpreter
• Professional tools
• Core Impact Professional
• Web application attacks
• HTTP packet modification
• Paros Proxy
• SQL injection
• Cross Site Scripting (XSS)
• Email spoofing
• Session hijacking by cookie theft
• Acunetix Web Vulnerability Scanner
• Carriage Return Line Feed (CRLF) injection
• Cross Site Request Forgery (CSRF)

You will also learn:

• How to use professional penetration
• testing tools and frameworks machine
• How to exploit Windows Server 2003
• How to exploit flaws in SQL databases
• How to gain GUI based access to a compromised
• The implications of flawed web application security
• How web users are at threat  

• Use professional penetration testing tools to audit & compromise system security
• Use Nikto web server scanner & Nessus 3
• Elevate command-line access to GUI access
• Learn stealthy techniques to silently upload and deploy hacker tools
• Remote registry hacking & silent RAT installation
• Understand the Metasploit Framework
• Learn to use Core Impact for remote & client side attacks
• Transferring hacker tools using TFTP Server

• Find & assess weakness in PHP & ASP.NET web applications
• Learn how you can use SQL injection to bypass authentication & reveal confidential information
• Gain SYSTEM level access to a web server hosting a poorly secured web application
• Attacks against Red Hat and Windows 2003 systems
• Exploit database vulnerabilities including MS SQL server & MySQL

• Employ web application specific vulnerability scanners to rapidly map out weaknesses in web applications

• Practical injection techniques used to glean, manipulate & corrupt data
• Force web applications to malfunction using HTTP request & response modification
• Launch attacks using an HTTP proxy
• Elevate attacks using extended stored procedures

Client side attacks

• Discover the potential severity of the often underestimated XSS vulnerability
• Common browser & e-mail client hacking techniques used to access Internet users
• Attack a Windows XP Workstation
• Perpetrate attacks by e-mail spoofing/social engineering
• Use HTTP session hijacking to compromise a users online identity
• Use XSS with cookie theft to steal confidential information
• Compromise an end-users machine using modern exploits
• Launch a dictionary attack
• Use Acunetix Web Vulnerability Scanner Benefits
• Gain practical experience under the expert guidance of 7Safe’s tutors
• Develop your skills in a state-of-the-art class environment with Windows & Linux operating systems & associated server software
• Learn how to use powerful utilities within the context of realistic case scenarios and convincing simulated environments
• Gain in-depth experience with Core Impact, Metasploit & more, against purpose built ‘victim’ applications
• Journey through the entire process of a pen test, focussing on the core infrastructure, web applications and the end user

Includes examination, successful completion of which earns delegates the industry recognised Certified Security Testing Professional (CSTP) certification

Are there entry requirements?

• A familiarity with Microsoft Windows & Linux/UNIX operating systems
• Prior attendance on the CSTA Ethical Hacking: Hands-On training course and completion of the CSTA examination is strongly recommended
• A basic understanding of HTML and JavaScript is useful

What's included?

Although the course is non-residential, we offer help finding appropriate hotels, close to the training venue. To take advantage of this offer, drop us an email after you book your course.

How to book?

There are three ways to book your course, either online, via fax, or telephone:

• To book via telephone just call us on 0845 070 1750, and we’ll take of the details.
• To book via fax download our booking form, complete it and fax to us on +44 (0) 1353 662667.
• To book online simply enter the number of delegates you wish to send into the “Quantity” and select the course date from the drop down menu and click “Order now”.

We can also accept purchase orders from local authorities, government departments, and other public sector organisations and will consider account facilities for large corporate customers, follow this link to our payment options page for more information.

All bookings are subject to our terms and conditions.

Read what others have said about our training courses  

To write review for this product Click here