This Course Includes
Video Duration | 9+ Hours |
Support Material | None |
Access Duration | ONE YEAR |
Certificate | At Completion |
Author | Sanjay Lekhak |
Co Author | Aman Sahni |
We have divided Web Application Security into Two Levels – Foundation and Professional.
Our WASF (Web Application Security Foundation) course maps to Foundation level where you can learn about Networking, Kali Linux, Vulnerability Assessment, Penetration Testing, Web App Architecture and Assessment Framework in addition to Cyber Security Terminologies and Frameworks.
This module brings completeness to the learning of Web App Security and will take you through some hands-on exercises on Web Application Security Attacks along with related concepts to make you ready for Web Application Security related assignments.
In this module, we cover the following concepts, along with real demos and exercises:
Authentication & Authorization
Attacking the Login Page – Bruteforcing.
CAPTCHA (& Password Policy)
Authentication and Authorization
Two Factor Authentication
Parameter Manipulation & IDOR
Broken/Missing Function Level Access Control – Vertical and Horizontal
Client Side Attack: Miscellaneous
Same Origin Policy – SOP
Cross Origin Resource Sharing – CORS
CSRF (XSRF, SeaSurf, Session Riding)
Clickjacking
CSV Injection
Content Security Policy and Important HTTP Headers
Client Side Attack: XSS
Document Object Model – DOM
AJAX
JavaScript basics
HTML injection
Iframe Injection
Cross Site Scripting – XSS
Reflected XSS
Stored XSS
DOM based XSS
Filter Bypassing & XSS Mitigation
SQL Injection
Introduction to DBMS
Basic SQL Commands
SQL Injection
Fingerprint the Database
Inband SQL Injection / SQL Injection – Bypass a Login page
Blind SQL
SQLmap Tutorial / Union Operator
SQL Injection in other statements / Injecting into SQL (in different statements)
Bypassing Filters
Second order SQL injection
Preventing SQL injection
NoSQL injection (MongoDB)
LDAP injection basics
Code Execution on Server
OS Command Injection.
Server Side Includes Injection
Server side Template injection
File Upload Vulnerability
Directory Listing and Path Traversal
File Inclusion
Unvalidated Redirects and Forwards/Open Redirection
Server Side Request Forgery
Miscellaneous Attacks on Server
HTTP Response Splitting (CRLF)
HTTP Parameter Pollution
Host header injection
Web Cache Deception/Poisoning
Insecure Deserialization
XML Attacks
Introduction to XML
XPATH Injection
XML External Entity (XXE)
If you have completed WASF, consider this as the final step to gain essential understanding about Web App Security at Professional Level.
Wish you all the best!