Fundamentals of Reconnaissance &
Attack Surface Analysis

Build the skills to uncover and secure web application vulnerabilities.
Our four-day training empowers you to map, analyze, and strengthen
your application’s defenses with practical, real-world techniques.

The Fundamentals of Reconnaissance & Attack Surface Analysis course dives deep into essential skills for understanding web application vulnerabilities. This interactive, four-day program combines lectures and hands-on labs to equip participants with the tools and techniques to map and analyze application surfaces, maximizing testing coverage and strengthening application defenses.

Course Objectives

Participants will develop a structured understanding of web application reconnaissance and attack surface analysis, covering key areas like:

  • Initial Reconnaissance & Information Gathering: From application mapping to content discovery, participants will learn critical skills for uncovering potential vulnerabilities.
  • Attack Surface Analysis: Focusing on endpoint examination, this phase includes HTTP request analysis, cookie security, and tracking attack surface dynamics.

By the end of the course, attendees will have a comprehensive skill set to assess application security posture effectively, supporting both immediate testing needs and ongoing security improvements.

Expectations

This training brings together live instruction, interactive labs, and real-world case studies. Led by experienced GuidePoint Security professionals, the course is designed to give participants a hands-on, immersive experience in reconnaissance and attack surface analysis methodologies.

Participants will gain practical experience with industry-standard tools and strategies, preparing them to implement effective security practices in their own work environments.

Intended Audience

This course is ideal for:

  • Application Security Professionals (entry to mid-level)
  • Quality Assurance Engineers focused on security
  • Security Champions within development teams

Whether new to the field or looking to solidify existing skills, participants will walk away with actionable knowledge in web application security assessment.

Course Outline

Prerequisites: A foundational knowledge of web application concepts (e.g., HTTP protocols, client-server interactions) is recommended but not required. Basic familiarity with security concepts or web app structures will enhance learning.

Materials Needed

  • Computer with Windows, macOS, or Linux
  • Internet access
  • VMware or VirtualBox to run virtual lab environments

Format: GuidePoint’s flexible training approach ensures participants can engage at their own pace, with resources designed to support practical application and real-world readiness.

Course Schedule

Days 1 & 2: Initial Reconnaissance & Information Gathering

  • Introduction to Testing Methodologies
  • Reconnaissance Essentials
  • Application Mapping and Content Discovery
  • Client-side code Review with hands-on labs

Days 3 & 4: Attack Surface Analysis

  • Endpoint Identification and Analysis
  • HTTP Request and Response Inspections
  • Session and Header Security
  • Tracking Attack Surface Changes and Group Exercises

Final Exercise: The course culminates in a group exercise where participants apply their skills to track and analyze a real-world web application’s attack surface.

Course Benefits

Upon completing this training, participants will possess a solid foundation in web application reconnaissance and attack surface mapping. They’ll be prepared to contribute effectively to security efforts within their organizations, identifying and addressing vulnerabilities before they can be exploited.

Certifications

Put an ELITE Highly-Trained Team on Your Side