Web App Sec Professional | WASP | Batch 2407
WASP or Web Application Security Professional training batch, enabling Science and Technology Students for a strong Cyber Security Career
Build Your Cyber Security Career
The WASP Batch or Web Application Security Professional level training is created with an objective to train, enable & prepare fresh technology and science graduates for entry level premium jobs related to Web Application Security Skillset at Professional Level and build a strong cyber security career thereafter.
The training also helps undergraduates and young students to acquire a premium cyber security skill early on, assess & develop interest in cyber security and build it further while moving towards graduation.
Follow the Schedule
| EVENT TITLE | DATE | STATUS |
|---|---|---|
| Payment Deadline | 05 Jul 24 | Payment Link Available |
| Batch Starts | 06 Jul 24 | Intro & 1st Session |
| Batch Duration | 4 Weeks | Live Sessions over Weekends Saturday & Sunday |
| Batch Ends | 28 Jul 24 | Final Live Session |
| Minimum Requirements | 2 Hours Daily of Self Study Laptop with 8 GB RAM Good Internet at Home Technical Aptitude | |
| Study Methodology | Self Study Courses Live Sessions Practical Assignments | |
| Online Access to Session Recording | 100 Days | |
| Access to Self Study Courses | 1 Year | |
| On Succesful Completion | IBSA Certificate & One Interview Call |
The Syllabus: WebAppSec Pro
Part One: WebAppSec Foundation (WASF)
Networking: Protocols
IP Address & Subnets
TCP / IP Handshake
Port Mapping & Scanning
FTP, SMB, Telnet, SSH, RDP, HTTP / HTTPS, Mailing Protocols, ARP & MITM
Network & Security Devices
Kali Linux
Kali Linux Installation
Command Line
BASH Scripting
Data Transfer & Monitoring Tools
NMAP
NetCat
SoCat
PowerShell
PowerCat
Wireshark
TCPDump
Penetration Testing & Knowledge base
Scan & Exploit Target using Metasploit & Python Script
Web Application Architecture
Cyber Security Terminologies
OWASP
NIST
MITRE ATT&CK
CIA Triad
Passive Information Gathering
Website Recon & Whois
Google Hacking
Recon NG
Opensource Code
Shodan
Security Head Scanner
SSL Server Test
PasteBin
theHarvester
Password Dumps
Social Media Search Tools
Stackoverflow
OSINT Framework
Maltgo
Active Information Gathering
DNS Enumeration
Port Scanning
SMB Enumeration
SMTP & SNMP Enumeration
Vulnerability Scanning
Vulnerability Scanning
NMAP
Nessus
Web Application Security Assessment
Web Application Concepts
Encoding
App Sec Testing Process
Session Management & Attacks
Angry IP Scanner, DIRB, Nikto
Burpsuite
Burpsuite Intro
Burp Proxy & Spidering
Intruder & Repeater
Burp Collaborator & BApp Store
Bypassing Client Side Validation
Parameter Manipulation & Prevention
Part Two: WebAppSec Professional (WASP)
Authentication & Authorization
Attacking the Login Page – Bruteforcing.
CAPTCHA (& Password Policy)
Authentication and Authorization
Two Factor Authentication
Parameter Manipulation & IDOR
Broken/Missing Function Level Access Control – Vertical and Horizontal
Client Side Attack: Miscelleneous
Same Origin Policy – SOP
Cross Origin Resource Sharing – CORS
CSRF (XSRF, SeaSurf, Session Riding)
Clickjacking
CSV Injection
Content security Policy and Important HTTP headers
Client Side Attack: XSS
Document Object Model – DOM
AJAX
Javascript basics
HTML injection
Iframe Injection
Cross Site Scripting – XSS
Reflected XSS
Stored XSS
DOM based XSS
Filter Bypassing & XSS Mitigation
SQL Injection
Introduction to DBMS
Basic SQL Commands
SQL Injection
Fingerprint the Database
Inband SQL Injection / SQL Injection – Bypass a Login page
Blind SQL
SQLmap Tutorial / Union Operator
SQL Injection in other statements / Injecting into SQL ( in different statements )
Bypassing Filters
Second order SQL injection
Preventing SQL injection
NOSQL injection (MongoDB)
LDAP injection basics
Code Execution on Server
OS Command Injection.
Server Side Includes Injection
Server side Template injection
File Upload Vulnerability
Directory Listing and Path Traversal
File Inclusion
Invalidated Redirects and Forwards/Open Redirection
Server Side Request Forgery
Miscellaneous Attacks on Server
HTTP Response Spliting (CRLF)
HTTP Parameter Pollution
Host header injection
Web Cache Deception/Poisoning
Insecure Deserialization
XML Attacks
Introduction to XML
XPATH Injection
XML External Entity (XXE)
As part of this training, you’ll get access to above 2 Self Study courses at no additional cost.
Learning Method
- Self Study Courses mentioned above = The primary source of learning. Include pre-recorded videos, detailed reading chapters & quiz.
- Live Sessions held by expert professionals = To provide a quick review and introduction to topics. You’ll get good enough understanding of main topics and also time to get your queries answered. Recording will be provided through WASP Live Batch Course.
- Online Lab Assignments = Mapped to syllabus and schedule. Of 3 levels – Easy, Medium and Hard. You’ll practice the concepts here and get real idea of how vulnerabilities are exploited.
Requirements
- 2 Hours to 3 Hours per day self study on average
- Laptop with 8 GB RAM. Please avoid using phones to watch videos as the learning requires regular hands-on hence laptop is preferred mode.
- Follow the self study & Lab schedule with full attention & discipline
qSEAp – Our Knowledge Partner
qSEAp, a growing Cyber Security organization, is our knowledge partner. This is where we design our premium content and this is also where you may get a call for interview after successfully completing the training.
Know more about qSEAp, click on qSEAp logo here.
Join the Training Now
To join the training, simply click on the link “BUY / TAKE THIS COURSE”,
Mentioned on the top right of this page and make the payment.
Got a query? Please share with us –
Integral Bytes Course Content
About the Instructors
