Hacking SecuritySecurity Vulnerability

Web Application Penetration Testing Course

Penetration Testing Courses

Web Application Penetration Testing Course

 

Penetration Testing and Web Security Testing (WST) is the Security testing systems for vulnerabilities or security openings in corporate sites and web applications. These vulnerabilities leave sites open to abuse.

 

Through this course of Penetration Testing and Web Security Testing, the understudies will come to comprehend real web application and above all, gain proficiency with a field-tried and repeatable procedure to reliably discover it.

 

Even technically gifted security geeks often struggle with helping organizations understand risk in terms relatable to business. Much of the art of penetration testing has less to do with learning how adversaries are breaking in than it does with convincing an organization to take the risk seriously and employ appropriate countermeasures.

 

Web Application Penetration Testing
Web Application Penetration Testing

 

Course 1– Web and Server Technology

  1. Basic concepts of web applications, how they work and the HTTP protocol
  2. HTML basics part 1
  3. HTML basics part 2
  4. Difference between static and dynamic website
  5. HTTP protocol Understanding
  6. Parts of HTTP Request
  7. Parts of HTTP Response
  8. Various HTTP Methods
  9. Understanding URLS
  10. Intro to REST
  11. HTTP Request & Response Headers
  12. What is a cookie
  13. HTTP Status codes
  14. HTTP Proxy
  15. Authentication with HTTP
  16. HTTP basic and digest authentication
  17. What is “Server-Side”
  18. Server and client side with example
  19. What is a session
  20. Introduction to UTF-8 and Unicode
  21. URL encoding
  22. HTML encoding
  23. Base64 encoding
  24. Hex encoding & ASCII

Course 2 – Setting up the lab with BurpSuite and bWAPP

  1. Setup lab with bWAPP
  2. Set up Burp Suite
  3. Configure Firefox and add certificate 
  4. Mapping and scoping website 
  5. Spidering
  6. Active and passive scanning
  7. Scanner options and demo 
  8. Introduction to password security 
  9. Intruder
  10. Intruder attack types 
  11. Payload settings 
  12. Intruder settings 

Web Application Security LAB

  1. Penetration testing tool 
  2. Environment Setup
  3. General concept
  4. Proxy module
  5. Repeater module
  6. Target and spider module
  7. Sequencer and scanner module

Course 3 – Mapping the application and attack surface

  1. Spidering 
  2. Mapping application using robots.txt 
  3. Discover hidden contents using dirbuster
  4. Dirbuster in detail
  5. Discover hidden directories and files with intruder
  6. Identify application entry points
  7. Identify application entry points
  8. Identify client and server technology
  9. Identify server technology using banner grabbing (telnet) 
  10. Identify server technology using httprecon

Course 4 – Understanding and exploiting OWASP top 10 vulnerabilities

  1. A closer look at all owasp top 10 vulnerabilities

IBM Free Courses

  1. Injection
  2. Broken authentication and session management
  3. Cross-site scripting
  4. Insecure direct object reference
  5. Security misconfiguration
  6. Sensitive data exposure
  7. Missing functional level access controls
  8. Cross-site request forgery
  9. Using components with known vulnerabilities
  10. Unvalidated redirects and forwards

F5 CENTRAL Courses

  1. Injection
  2. Broken authentication and session management 
  3. Insecure Deserialization
  4. Sensitive data exposure
  5. Broken access control
  6. Insufficient logging and monitoring
  7. XML external entities 
  8. Using components with known vulnerabilities
  9. Cross-site scripting
  10. Security misconfiguration

OWASP Top 10

  1. Injection explained 
  2. Broken authentication and session management
  3. Cross-site scripting
  4. Insecure direct object reference
  5. Security misconfiguration
  6. Sensitive data exposure
  7. Missing functional level access control
  8. Cross-site request forgery
  9. Components with known vulnerabilities
  10. Unvalidated redirects and forwards

Course 5 – Bypassing client-side controls

  1. What is hidden forms in HTML
  2. Bypassing hidden form fields using tamper data
  3. Bypassing hidden form fields using Burp Suite (Purchase application)
  4. Changing price on eCommerce website using parameter tampering
  5. Understanding cookie in detail
  6. Cookie tampering with tamper data 
  7. Cookie tamper part 2
  8. Understanding referer header in depth using Cisco product  
  9. Introduction to ASP.NET viewstate  
  10. ASP.NET viewstate in depth
  11. Analyse sensitive data in ASP.NET viewstate

Course 6 – Attacking authentication/login

  1. Attacking login panel with bad password – Guess username password for the website and try different combinations
  2. Brute-force login panel
  3. Username enumeration
  4. Username enumeration with bruteforce password attack
  5. Authentication over insecure HTTP protocol 
  6. Authentication over insecure HTTP protocol
  7. Forgot password vulnerability – case 1
  8. Forgot password vulnerability – case 2
  9. Login page autocomplete feature enabled
  10. Testing for weak password policy
  11. Insecure distribution of credentials – When you register in any website or you request for a password reset using forgot password feature, if the website sends your username and password over the email in cleartext without sending the password reset link, then it is a vulnerability.

Course 7- Attacking access controls (IDOR, Priv esc, hidden files and directories)

Completely unprotected functionalities

  1. Finding admin panel
  2. Finding admin panel and hidden files and directories
  3. Finding hidden webpages with dirbusater

Insecure direct object reference

  1. IDOR case 1
  2. IDOR case 2
  3. IDOR case 3 (zomato)

Privilege escalation

  1. What is privilege escalation
  2. Privilege escalation – Hackme bank – case 1
  3. Privilege escalation – case 2

Course 8 – Attacking data stores (Various types of injection attacks – SQL|My SQL|No SQL|Oracle, etc.)

Bypassing login panel

  1. Basics of MySQL
  2. Bypassing login panel -case 1 
  3. Bypass login panel – case 2

SQL injection

  1. Part 1 – Install SQLi lab
  2. Part 2 – SQL lab series
  3. Part 3 – SQL lab series
  4. Part 4 – SQL lab series
  5. Part 5 – SQL lab series
  6. Part 6 – Double query injection
  7. Part 7 – Double query injection cont..
  8. Part 8 – Blind injection boolean based
  9. Part 9 – Blind injection time based
  10. Part 10 – Dumping DB using outfile
  11. Part 11 – Post parameter injection error based
  12. Part 12 – POST parameter injection double query based
  13. Part 13 – POST parameter injection blind boolean and time based 
  14. Part 14 – Post parameter injection in UPDATE query
  15. Part 15 – Injection in insert query
  16. Part 16 – Cookie based injection
  17. Part 17 – Second order injection
  18. Part 18 – Bypassing blacklist filters – 1
  19. Part 19 – Bypassing blacklist filters – 2
  20. Part 20 – Bypassing blacklist filters  – 3 
  21. Part 21 – Bypassing WAF
  22. Part 22 – Bypassing WAF – Impedance mismatch
  23. Part 23 – Bypassing addslashes – charset mismatch

NoSQL injection

  1. Abusing NoSQL databases
  2. Making cry – attacking NoSQL for pentesters

Xpath injection

  1. Detailed introduction
  2. Practical 1 – bWAPP
  3. Practical 2 – Mutillidae
  4. Practical 3 – webgoat

LDAP injection

  1. Introduction and practical 1
  2. Practical 2

Course 9 – Attacking back-end components (OS command injection, XMl interpreters, mail services, etc.)

OS command injection

  1. OS command injection in bWAPP

 

ScoutSuite : Security Auditing Tool

ModSecurity Framework FTW

WAScan – Web Application Scanner

Tags

Related Articles

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Close