Web App Sec Professional

Web App Sec Professional | WASP | Self Study

WebApp Security Execution Course

Created by Abhishek K GL

9 Hours

75 students enrolled

Last updated July 17, 2024

Intermediate

Hindi Audio with Content in English

Overview
Curriculum
Instructors
Reviews

Current Status

Not Enrolled

Price

Rs 720 (After Discount)

Get Started

Buy / Take This Course

This Course Includes

Video Duration	9+ Hours
Support Material	None
Access Duration	ONE YEAR
Certificate	At Completion
Author	Sanjay Lekhak
Co Author	Aman Sahni

Web Application Security has 3 learning levels – Foundation, Preparation and Professional.

Our WASF (Web Application Security Foundation) course covers initial 2 levels – Foundation & Preparation. WASF skillset is also a prerequisite for this course.

This module brings completeness to the learning of Web App Security and will take you through some hands-on exercises along with related concepts to make you ready for Web Application Security related assignments.

In this module, we cover following concepts along with real demo and exercises

Client Side Attack

Browser History
Browser Back & Refresh
Browser Memory & Auto Complete
Browser Cache (& Cache Control Headers)

Authentication & Authorization

Attacking the Login Page – Bruteforcing.
CAPTCHA (& Password Policy)
Authentication and Authorization
Two Factor Authentication
Parameter Manipulation & IDOR
Broken/Missing Function Level Access Control – Vertical and Horizontal

Client Side Attack: Miscelleneous

Same Origin Policy – SOP
Cross Origin Resource Sharing – CORS
CSRF (XSRF, SeaSurf, Session Riding)
Clickjacking
CSV Injection
Content security Policy and Important HTTP headers

Client Side Attack: XSS

Document Object Model – DOM
AJAX
Javascript basics
HTML injection
Iframe Injection
Cross Site Scripting – XSS
Reflected XSS
Stored XSS
DOM based XSS
Filter Bypassing & XSS Mitigation

SQL Injection

Introduction to DBMS
Basic SQL Commands
SQL Injection
Fingerprint the Database
Inband SQL Injection / SQL Injection – Bypass a Login page
Blind SQL
SQLmap Tutorial / Union Operator
SQL Injection in other statements / Injecting into SQL ( in different statements )
Bypassing Filters
Second order SQL injection
Preventing SQL injection
NOSQL injection (MongoDB)
LDAP injection basics

Code Execution on Server

OS Command Injection.
Server Side Includes Injection
Server side Template injection
File Upload Vulnerability
Directory Listing and Path Traversal
File Inclusion
Invalidated Redirects and Forwards/Open Redirection
Server Side Request Forgery

Miscellaneous Attacks on Server

HTTP Response Spliting (CRLF)
HTTP Parameter Pollution
Host header injection
Web Cache Deception/Poisoning
Insecure Deserialization

XML Attacks

Introduction to XML
XPATH Injection
XML External Entity (XXE)

If you have completed WASF, consider this as the final step to gain essential understanding about Web App Security.

Wish you all the best!

Integral Bytes Course Content

Expand All

Web AppSec: Client Side Attack - On Browser 4 Integral Bytes Topics | 1 Integral Bytes Quiz

Expand

Integral Bytes Lesson Content

0% Complete 0/4 Steps

Browser History

Browser Back & Refresh

Browser Memory & Auto Complete

Web AppSec: Client Side Attack – On Browser – Quiz

Web AppSec : Authentication & Authorization 6 Integral Bytes Topics | 1 Integral Bytes Quiz

Expand

Integral Bytes Lesson Content

0% Complete 0/6 Steps

Attacking the Login Page – Bruteforce

Authentication and Authorization

Two Factor Authentication

Parameter Manipulation (IDOR)

Broken/Missing Function Level Access Control

Web AppSec : Authentication & Authorization – Quiz

Web AppSec: Client Side Attack - Multiple Types 6 Integral Bytes Topics | 1 Integral Bytes Quiz

Expand

Integral Bytes Lesson Content

0% Complete 0/6 Steps

Same Origin Policy – SOP

Cross Origin Resource Sharing – CORS

CSRF (XSRF, SeaSurf, Session Riding)

Content security Policy and Important HTTP headers

Web AppSec: Client Side Attack – Multiple Types – Quiz

Web AppSec: Client Side Attack - XSS 10 Integral Bytes Topics | 1 Integral Bytes Quiz

Expand

Integral Bytes Lesson Content

0% Complete 0/10 Steps

Document Object Model – DOM

Javascript basics

Iframe Injection

Cross Site Scripting – XSS

XSS Mitigation & Bypassing Techniques

Web AppSec: Client Side Attack – XSS – Quiz

Web AppSec: SQL Injection 13 Integral Bytes Topics | 1 Integral Bytes Quiz

Expand

Integral Bytes Lesson Content

0% Complete 0/13 Steps

Introduction to DBMS

Basic SQL Commands

Fingerprint the Database

Inband SQL Injection

SQLmap Tutorial

SQL Injection in other statements

Bypassing Filters

Second order SQL injection

Preventing SQL injection

NOSQL injection (MongoDB)

LDAP injection basics

Web AppSec: SQL Injection – Quiz

Web AppSec : Code Execution on Server 8 Integral Bytes Topics | 1 Integral Bytes Quiz

Expand

Integral Bytes Lesson Content

0% Complete 0/8 Steps

OS Command Injection

Server Side Includes Injection

Server side Template injection

File Upload Vulnerability

Directory Listing and Path Traversal

Unvalidated Redirects and Forwards

Server Side Request Forgery

Web AppSec : Code Execution on Server – Quiz

Web AppSec : Other Attacks on Server 5 Integral Bytes Topics | 1 Integral Bytes Quiz

Expand

Integral Bytes Lesson Content

0% Complete 0/5 Steps

HTTP Response Splitting (CRLF)

HTTP Parameter Pollution

Host header injection

Web Cache Deception/Poisoning

Insecure Deserialization

Web AppSec : Other Attacks on Server – Quiz

Web AppSec : XML Attacks 3 Integral Bytes Topics | 1 Integral Bytes Quiz

Expand

Integral Bytes Lesson Content

0% Complete 0/3 Steps

Introduction to XML

XPATH Injection

XML External Entity (XXE)

Web AppSec : XML Attacks – Quiz

About the Instructors

Abhishek K GL

20+ Years Business and Operations experience into IT & Cyber Security.

You may also like

WAS Professional

Web App Sec Professional | WASP | Batch 2408

The WASP Batch or Web Application Security Professional level training is created with an objective to train, enable & prepare fresh technology and science graduates for entry level premium Cyber Security job and build a strong Cyber Security career thereafter. The training covers networking, security assessment tools, cyber security terminologies, security assessment framework, passive & active info gathering, vulnerability assessment, client side attacks, server side attacks, sql injection, xml attacks & more using pre-recorded videos, live sessions, study material, quiz & lab assignments.

WAS Professional

Web App Sec Professional | WASP | Batch 2407

The WASP Batch or Web Application Security Professional level training is created with an objective to train, enable & prepare fresh technology and science graduates for entry level premium Cyber Security job and build a strong Cyber Security career thereafter. The training covers networking, security assessment tools, cyber security terminologies, security assessment framework, passive & active info gathering, vulnerability assessment, client side attacks, server side attacks, sql injection, xml attacks & more using pre-recorded videos, live sessions, study material, quiz & lab assignments.

WAS Professional

Web App Sec Professional | WASP | Batch 2406

The WASP Batch or Web Application Security Professional level training is created with an objective to train, enable & prepare fresh technology and science graduates for entry level premium Cyber Security job and build a strong Cyber Security career thereafter. The training covers networking, security assessment tools, cyber security terminologies, security assessment framework, passive & active info gathering, vulnerability assessment, client side attacks, server side attacks, sql injection, xml attacks & more using pre-recorded videos, live sessions, study material, quiz & lab assignments.