Courses

Web Application Security Course

Contact – 09 785263288

Email – thinbashane@gmail.com

Introduction to Web Technology
– Basic Web
– Essentials of HTML, JS, PHP for Web pentesting
Linux & Windows Basics
– Windows Command Line Essentials
– Linux Command Line Essentials
Information Gathering
– Passive Information Gathering
– Active Information Gathering
OWASP Top 10 Vulnerabilities
A1 : Injection
– HTML Injection
– SQL Injection
– XML/Xpath Injection
– iFrame Injection
– LDAP Injection
– Command Injection
– Code Injection
– Server-Side Includes (SSI) Injection
A2 : Broken Authentication & Session Management
– Bruteforce Login
– Insecure Login forms
– Session Fixation
– Cookies
– Captcha Bypassing
A3 : Cross Site Scripting (XSS)
– Reflected XSS
– Stored XSS
– DOM XSS
– PATH XSS
– RPO XSS
– XSS Exploitation with BeEF (Browser Exploitation Framework)
– XSS Exploitation with Xenotix (XSS Framework for Windows)
A4 : Insecure Direct Object Reference (IDOR)
– HTTP Verb Tampering
– Parameter Manipulation
A5 : Security Misconfiguration
– Arbitrary File Access
– Cross-Origin Resource Sharing (CORS) Misconfiguration
– Denial Of Service (HTTP Flood)
– Denial Of Service (Billion Laughs Attack)
– Man In The Middle
– Backup Files
– Robots File
A6 : Sensitive Data Exposure
– Weak Encoding
– HTML5 Web Storage
– Leaking Sensitive Credential Files
A7 : Missing Function Level Access Control
– Directory Traversal
– File Inclusion (Remote & Local)
– Restricted Device Access
– Server Side Request Forgery (SSRF)
– XML External Entities (XXE) Attack
A8 : Cross Site Request Forgery
– CSRF for both GET & POST methods
– Basic SOP (Same Origin Policy) Bypass
A9 : Using Components with known vulnerabilities
– Using public exploits
A10 : Unvalidated Redirects & Forwards
– Open Redirect Vulnerabilities
– Redirect XSS
Other Web Attacks
– File Upload Vulnerabilities
– Basics of Web Application Obfuscation
Password Cracking
– Online Password Cracking
– Offline Password Cracking