Web application penetration testing professional v3.0
This is a subtitle. Get more detailed about your course here!
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed at ante vitae nulla vulputate elementum. Maecenas imperdiet malesuada lacinia. Donec sit amet aliquet urna. Nam sit amet eros dapibus, commodo ligula a, imperdiet mi. Fusce rhoncus eros in leo rutrum, at lobortis leo sodales. Quisque nibh tellus, rutrum placerat turpis ac, ullamcorper suscipit nisl. Nullam faucibus quam a leo imperdiet, vel blandit nibh iaculis. Duis efficitur ipsum eu eros fermentum, in volutpat erat tincidunt. Curabitur sit amet vulputate sem. Donec vel facilisis est. Morbi vitae mollis massa, sed maximus ex. Duis elit orci, scelerisque ut erat eu, tincidunt euismod erat.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed at ante vitae nulla vulputate elementum. Maecenas imperdiet malesuada lacinia. Donec sit amet aliquet urna. Nam sit amet eros dapibus, commodo ligula a, imperdiet mi. Fusce rhoncus eros in leo rutrum, at lobortis leo sodales. Quisque nibh tellus, rutrum placerat turpis ac, ullamcorper suscipit nisl. Nullam faucibus quam a leo imperdiet, vel blandit nibh iaculis. Duis efficitur ipsum eu eros fermentum, in volutpat erat tincidunt. Curabitur sit amet vulputate sem. Donec vel facilisis est. Morbi vitae mollis massa, sed maximus ex. Duis elit orci, scelerisque ut erat eu, tincidunt euismod erat.
Course Curriculum
-
1
About course
-
Introduction
-
-
2
Be prepared
-
Web attack simulation Lab
-
-
3
Web application technologies 101
-
Web application technologies 101
-
Domain names concepts - rfc1034
-
HTTP Protocol Basics
-
architecture
-
Cross-origin resource sharing
-
Encoding Schemes
-
HTTP Cookies
-
Same Origin Policy
-
Securing DNS Zone transfer
-
Web application proxy - Burp suite
-
DNSSEC- RFC_3008
-
rfc6265
-
-
4
Mapping the applications
-
Fingerprinting web server
-
DNS Analysis - Enumerating subdomains
-
BruteForcing Web applications
-
Harvesting the data
-
Metasploit for web application attacks
-
Outdated web application to server takeover
-
Web technologies analysis in real time
-
Maltego CE
-
Shodan HQ
-
-
5
Cross-site scripting attacks -XSS
-
Cross Site Scripting- XSS
-
Cross site scripting 101
-
Persistent XSS
-
Reflected XSS
-
DOM-based XSS
-
Generating XSS attack payloads
-
Cookie stealing through XSS
-
Website defacement through XSS
-
Advanced XSS attacks with Burp suite
-
Advanced XSS phishing attacks
-
Advanced XSS with BeEF attacks
-
XSS in PHP, ASP & JS Code review
-
Code_Review_Guide_Pre-AlphaV2_(1)
-
Codes for XSS phishing
-
PHP Codes for phishing -Traditional
-
PHP codes for cookie stealing
-
Cookie stealing scripts in javascript
-
-
6
SQL injection attacks - Exploitations
-
Introduction to SQL Injection
-
SQL Injection attacks
-
Fuzzing for SQL Injection - Burp Intruder
-
Dangers of SQL Injection
-
In-band SQL Injection attacks
-
Blind SQL Injection attack in-action
-
Hunting for SQL Injection vulnerabilities
-
Exploiting SQL injection - SQLMap
-
Drupageddon attack
-
-
7
Cross-site request forgery - CSRF
-
CSRF or XSRF 101
-
csrf
-
Anti-CSRF Token methods
-
Anti-CSRF token stealing-NOT easy
-
-
8
Authentication & authorisation attacks
-
Authentication bypass-hydra
-
authentication
-
HTTP Verb Tampering
-
HTTP parameter pollution - HPP
-
-
9
Client side security testing
-
Client side control bypass
-
Web socket-rfc6455
-
Cross window messaging - Resources
-
-
10
File related vulnerabilities
-
LFI & RFI attacks
-
Unrestricted file upload - content type
-
Unrestricted file upload - exetension type
-
FPI
-
Remote code execution using Shell Uploads
-
-
11
XML external entity attacks - XXE
-
XML Documents & database
-
XXE attacks in action
-
Out of band XXE - Resources
-
About the instructor
Atul Tiwari