1. Training
  2. Education & Training Catalog
  3. Pluralsight
  4. Web Application Penetration Testing: Session Management Testing

Web Application Penetration Testing: Session Management Testing

Poorly implemented session management can allow an attacker to exploit poor controls and gain access to sensitive information. In Web Application Penetration Testing: Session Management Testing, you'll learn how to find those vulnerabilities before the bad guys do. First, you'll explore cookies, what to look for during a pen-test, and how you can brute force your way passed the login prompt. Next, you'll learn how easy it can be to hijack someone else's session with session fixation. Finally, you'll discover what session puzzling is and how to leverage it as an attacker. When you're finished with this course, you'll have a solid understanding of what to look for while penetration testing session management.

Course Overview

Overall Proficiency Level
2 - Intermediate
Training Purpose
Skill Development
Specific Audience
All
Delivery Method
Online, Self-Paced
  • Online, Self-Paced

Learning Objectives

  • Testing for Bypassing Session Management Schema
  • Testing for Cookie Attributes
  • Testing for Session Fixation
  • Testing for Exposed Session Variables
  • Testing for Cross-site Request Forgery
  • Testing for Logout Functionality
  • Testing Session Timeout
  • Testing Session Puzzling

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date: