Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
HTB Certified Web Exploitation Expert (HTB CWEE)
The Senior Web Penetration Tester Job Role Path is designed for individuals who aim to develop skills in identifying advanced and hard-to-find web vulnerabilities using both black box and white box techniques. This path encompasses advanced-level training in web security, web penetration testing, and secure coding concepts. It also provides a deep understanding of the application debugging, source code review, and custom exploit development aspects of web security. Equipped with the necessary theoretical background, multiple practical exercises, and a proven methodology for web vulnerability identification, students will eventually be capable of performing professional security assessments against modern and highly secure web applications, as well as effectively reporting vulnerabilities found in code or arising from logical errors.
Course Overview
- Interpreting a letter of engagement
- Having advanced knowledge around web penetration testing and secure coding concepts
- Knowledge around web applications and their functionality
- Proficiency in comprehending web application code structures and effectively navigating through them.
- Understanding of complex web vulnerabilities and the ability to detect them, with or without access to the source code.
- Knowledge of advanced bypasses to circumvent different forms of security measures.
- Ability to develop exploits to automate the process of exploiting vulnerabilities
- Ability to patch any identified vulnerabilities and to recommend suitable secure coding advice
- Professionally communicating and reporting vulnerabilities
Learning Objectives
- Advanced black box web penetration testing
- White box penetration testing
- Large code base security reviews
- Web exploit development
- Advanced injections in web applications
- Attacking advanced authentication mechanisms
- Attacking HTTP/s requests
- Performing blind web attacks
- Bypassing advanced security filters
- Performing deserialization Attacks
- Using modern web exploitation techniques
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.