Price
Rs. 2160/- (After Discount)

This Course Includes

Video Duration: 27+ Hours
Support Material: 3
Access Duration: One Year
Certificate: At Completion
Author: Sanjay Lekhak
Aman Sahni
Co-Author: Abhishek Kapoor

This course covers the complete syllabus of Web Application Security including Networking, VA, PT, Web App Architecture, Cyber Security Terminology, Information Gathering, Web Application Security Assessment Framework & all types of Web Application Attacks.

The syllabus can be divided into 2 parts –

Part 1 – Foundation

IP Address & Subnets
TCP / IP Handshake
Port Mapping & Scanning
FTP, SMB, Telnet, SSH, RDP, HTTP / HTTPS, Mailing Protocols, ARP & MITM
Network & Security Devices

Kali Linux Installation
Command Line
BASH Scripting

NMAP
NetCat
SoCat
PowerShell
PowerCat
Wireshark
TCPDump

Scan & Exploit Target using Metasploit & Python Script
Web Application Architecture
Cyber Security Terminologies
OWASP
NIST
MITRE ATT&CK
CIA Triad

Website Recon & Whois
Google Hacking
Recon-ng
Open Source Code
Shodan
Security Head Scanner
SSL Server Test
PasteBin
theHarvester
Password Dumps
Social Media Search Tools
Stack Overflow
OSINT Framework
Maltego

DNS Enumeration
Port Scanning
SMB Enumeration
SMTP & SNMP Enumeration

Vulnerability Scanning
NMAP
Nessus

Web Application Concepts
Encoding
App Sec Testing Process
Session Management & Attacks
Angry IP Scanner, DIRB, Nikto

Burp Suite Intro
Burp Proxy & Spidering
Intruder & Repeater
Burp Collaborator & BApp Store
Bypassing Client Side Validation
Parameter Manipulation & Prevention

Part 2 – Attacks

Attacking the Login Page – Bruteforcing.
CAPTCHA (& Password Policy)
Authentication and Authorization
Two Factor Authentication
Parameter Manipulation & IDOR
Broken/Missing Function Level Access Control – Vertical and Horizontal

Same Origin Policy – SOP
Cross Origin Resource Sharing – CORS
CSRF (XSRF, SeaSurf, Session Riding)
Clickjacking
CSV Injection
Content Security Policy and Important HTTP Headers

Document Object Model – DOM
AJAX
JavaScript Basics
HTML Injection
Iframe Injection
Cross Site Scripting – XSS
Reflected XSS
Stored XSS
DOM based XSS
Filter Bypassing & XSS Mitigation

Introduction to DBMS
Basic SQL Commands
SQL Injection
Fingerprint the Database
Inband SQL Injection / SQL Injection – Bypass a Login page
Blind SQL
SQLmap Tutorial / Union Operator
SQL Injection in other statements / Injecting into SQL (in different statements)
Bypassing Filters
Second order SQL injection
Preventing SQL injection
NOSQL injection (MongoDB)
LDAP injection basics

OS Command Injection.
Server Side Includes Injection
Server Side Template Injection
File Upload Vulnerability
Directory Listing and Path Traversal
File Inclusion
Unvalidated Redirects and Forwards/Open Redirection
Server Side Request Forgery

HTTP Response Splitting (CRLF)
HTTP Parameter Pollution
Host header injection
Web Cache Deception/Poisoning
Insecure Deserialization

Introduction to XML
XPATH Injection
XML External Entity (XXE)

The above course is also offered as a set of 2 separate courses – WASF and WASA. We have combined the 2 courses and created this course to be offered along with the WASP Live Batch training.

Integral Bytes Course Content

Web App Sec Foundation
Web App Sec Attacks

About the Instructors

25+ years of business and operations experience in IT, cyber security and business development.