Web Application Penetration Testing – In-Depth Practical (Lab) Training by Real Time Expert

Hi All,

We are starting a new batch for Web Application Penetration Testing Training.

This training is different from other Security Testing/ Penetration Testing Trainings in the market, as it involves lots of Assignments/Home Work, Lab Work and 3-4 month duration. You will be able to gain atleast 3 and half years of real time experience from this effective training.

Note: Trainer has 13 plus years of experience.

Reach me on my whatsapp number: +91 – 9908895533 if you want to attend this training.

Here are the high level training details, followed by the complete training delieverables:

First Session Training Start Date Training Duration Training Days Timings Training Cost
April 26th, 2021 – 10:00 AM IST April 26th, 2021 – 10:00 AM IST 3 to 4 months (1 hour daily) Weekdays only (Indian) 10 to  11 AM IST Rs 25000

Training Deliverables:


Module 1: Application Development


  1. Installation of LAMP Server
  2. Basics of MySQL
  3. Developing Bank Application
    1. Login.html
    2. usercheck.php
    3. profile.php
    4. transfer.php
    5. Register.php
    6. feedback.php
    7. feedback_user.php
    8. feedback_admin.php
  4. Session Management
    1. Session
    2. Cookie
    3. Same-Origin Policy

Module 2: HTTP Protocol


  1. Hypertext Transfer Protocol (RFC 2616) — HTTP/1.1
  2. HTTP Messages
  3. HTTP Request and Response
    1. Header and Body
  4. HTTP Methods
  5. HTTP Response Codes

Module 3: Burp Suite and ZAP


  1. Introduction to Burp Suite
    1. Burp Proxy
    2. Burp Intruder
    3. Burp Repeater
    4. Burp Sequencer
  2. Introduction to ZAP
    1. Scan Policy Manager (Analyze)
    2. Tools
    3. Report
    4. ZAP Modes – Attack Mode

Module 4:  Cross Site Scripting (XSS/CSS)


  1. Introducting to Cross Site Scripting
  2. Reflected Cross Site Scripting
  3. Stored/Persistent Cross Site Scripting
  4. Browser – Document Object Model
  5. DOM Based Cross Site Scripting
  6. Identification of Cross Site Scripting
    1. Payloads
    2. Simple HTML Context
    3. HTML Attribute Name Context
    4. HTML Attribute Value Context
    5. HTML Comments Context
    6. JavaScript Context
    7. VB Script Context
    8. CSS Context
  7. Polyglots
  8. Exploitation of Cross Site Scripting — HTTP only flag for cookies/same site
  9. Remediation of Cross Site Scripting
    1. Input Validation
      1. White Listing
      2. Black Listing
    2. Ouput Encoding – Crane Problem

Module 5: SQL Injection


  1. SQL Injections
  2. Identification of Injections
    1. In-band SQLi — Error-Based, Union-Based SQLi
    2. Inferential SQLi – Bool Based, Time Based
    3. Out-of-band SQLi
  3. Exploitation of SQL Injections
      1. SQL MAP
      2. Manually extracting Data
  4. Remediation of SQL Injection
    1. Input Validation
    2. Input Escaping
      1. mysqli_real_escape_string
    3. Parameterized Queries
      1. Prepare
      2. Bind
      3. Compile
      4. Parse

Module 6: Cross-site Request Forgery


  1. Understanding CSRF
  2. Identification of CSRF
  3. Exploitation of CSRF
  4. Remediation of CSRF

Module 7: File Upload to Shell


  1. File Upload Feature
  2. File Canonicalization attack
  3. File to Shell
  4. File to Malware

Module 8: SSRF Vulnerability


  1. Basics of SSRF
  2. SSRF in File Download
  3. SSRF in File Content Fetch
  4. SSRF in host connect (port scan)

Module 9: Authentication and Authorization — IAM


  1. Session Management
    1. Predictable Tokens and Weak Randomness
    2. Session Fixation and Replay
    3. Session Hijacking and Replay
  2. Authentication Technologies
    1. HTML Forms based Authentication
    2. Multi Factor Authentications
    3. Certificate Based Authentication
    4. HTTP Based Authentication
    5. Windows Integrated (NTLMV2/Kerberos)
    6. Authentication Services
  3. Introduction to Authorization
    1. Horizontal Privilege Escalation
    2. Vertical Privilege Escalation

Module 10: Other Vulnerabilities


  1. Insecure Direct Object References — IDOR
  2. Security Misconfiguration
    1. HTTP – only flag
    2. Secure Flag
    3. samesite attribute
  3. Sensitive Data Exposure
  4. Missing Functional Level Access Control
  5. Unvalidated Redirects and Forwards
  6. Clickjacking (X-Frame Options or XFS)

Module 11: Cryptography and SSL


  1. Basics of Cryptography
  2. Encoding – Crane Problem
  3. Encryption
      1. Ciphers
      2. Symmetric Key Encryption
      3. Asymmetric Key Encryption
  4. Public Key Cryptography
  5. Hashing – md5, sha1, sha2
  6. SSL Tests
  7. Certificate Problems
    1. Protocol Support
    2. Key Exchange
    3. Cipher Strength

Module 12: XML External Entity (XXE) Processing


  1. Introduction to XML
  2. Configuring xHttp request at Client
  3. Configuring XML parser at server
  4. Identification of XXE
  5. Exploitation of XXE
  6. Remediation of XXE

Module 13: Automation Tools


  1. Web Inspect or eq
  2. False Positive Elimination
  3. Risk Analysis
  4. Reporting

——– End of this page —————————————————–


Open chat
Contact Us on Whatsapp