Hi All,
We are starting a new batch for Web Application Penetration Testing Training.
This training is different from other Security Testing/ Penetration Testing Trainings in the market, as it involves lots of Assignments/Home Work, Lab Work and 3-4 month duration. You will be able to gain atleast 3 and half years of real time experience from this effective training.
Note: Trainer has 13 plus years of experience.
Reach me on my whatsapp number: +91 – 9908895533 if you want to attend this training.
Here are the high level training details, followed by the complete training delieverables:
First Session | Training Start Date | Training Duration | Training Days | Timings | Training Cost |
---|---|---|---|---|---|
April 26th, 2021 – 10:00 AM IST | April 26th, 2021 – 10:00 AM IST | 3 to 4 months (1 hour daily) | Weekdays only (Indian) | 10 to 11 AM IST | Rs 25000 |
Training Deliverables:
Module 1: Application Development
- Installation of LAMP Server
- Basics of MySQL
- Developing Bank Application
- Login.html
- usercheck.php
- profile.php
- transfer.php
- Register.php
- feedback.php
- feedback_user.php
- feedback_admin.php
- Session Management
- Session
- Cookie
- Same-Origin Policy
Module 2: HTTP Protocol
- Hypertext Transfer Protocol (RFC 2616) — HTTP/1.1
- HTTP Messages
- HTTP Request and Response
- Header and Body
- HTTP Methods
- HTTP Response Codes
Module 3: Burp Suite and ZAP
- Introduction to Burp Suite
- Burp Proxy
- Burp Intruder
- Burp Repeater
- Burp Sequencer
- Introduction to ZAP
- Scan Policy Manager (Analyze)
- Tools
- Report
- ZAP Modes – Attack Mode
Module 4: Cross Site Scripting (XSS/CSS)
- Introducting to Cross Site Scripting
- Reflected Cross Site Scripting
- Stored/Persistent Cross Site Scripting
- Browser – Document Object Model
- DOM Based Cross Site Scripting
- Identification of Cross Site Scripting
- Payloads
- Simple HTML Context
- HTML Attribute Name Context
- HTML Attribute Value Context
- HTML Comments Context
- JavaScript Context
- VB Script Context
- CSS Context
- Polyglots
- Exploitation of Cross Site Scripting — HTTP only flag for cookies/same site
- Remediation of Cross Site Scripting
- Input Validation
- White Listing
- Black Listing
- Ouput Encoding – Crane Problem
- Input Validation
Module 5: SQL Injection
- SQL Injections
- Identification of Injections
- In-band SQLi — Error-Based, Union-Based SQLi
- Inferential SQLi – Bool Based, Time Based
- Out-of-band SQLi
- Exploitation of SQL Injections
-
- SQL MAP
- Manually extracting Data
-
- Remediation of SQL Injection
- Input Validation
- Input Escaping
- mysqli_real_escape_string
- Parameterized Queries
- Prepare
- Bind
- Compile
- Parse
Module 6: Cross-site Request Forgery
- Understanding CSRF
- Identification of CSRF
- Exploitation of CSRF
- Remediation of CSRF
Module 7: File Upload to Shell
- File Upload Feature
- File Canonicalization attack
- File to Shell
- File to Malware
Module 8: SSRF Vulnerability
- Basics of SSRF
- SSRF in File Download
- SSRF in File Content Fetch
- SSRF in host connect (port scan)
Module 9: Authentication and Authorization — IAM
- Session Management
- Predictable Tokens and Weak Randomness
- Session Fixation and Replay
- Session Hijacking and Replay
- Authentication Technologies
- HTML Forms based Authentication
- Multi Factor Authentications
- Certificate Based Authentication
- HTTP Based Authentication
- Windows Integrated (NTLMV2/Kerberos)
- Authentication Services
- Introduction to Authorization
- Horizontal Privilege Escalation
- Vertical Privilege Escalation
Module 10: Other Vulnerabilities
- Insecure Direct Object References — IDOR
- Security Misconfiguration
- HTTP – only flag
- Secure Flag
- samesite attribute
- Sensitive Data Exposure
- Missing Functional Level Access Control
- Unvalidated Redirects and Forwards
- Clickjacking (X-Frame Options or XFS)
Module 11: Cryptography and SSL
- Basics of Cryptography
- Encoding – Crane Problem
- Encryption
-
- Ciphers
- Symmetric Key Encryption
- Asymmetric Key Encryption
-
- Public Key Cryptography
- Hashing – md5, sha1, sha2
- SSL Tests
- Certificate Problems
- Protocol Support
- Key Exchange
- Cipher Strength
Module 12: XML External Entity (XXE) Processing
- Introduction to XML
- Configuring xHttp request at Client
- Configuring XML parser at server
- Identification of XXE
- Exploitation of XXE
- Remediation of XXE
Module 13: Automation Tools
- Web Inspect or eq
- False Positive Elimination
- Risk Analysis
- Reporting
——– End of this page —————————————————–