Web App Sec Professional | WASP | Self Study
Complete Web Application Security from Networking till Web App Attacks.
This Course Includes
| Video Duration | 27+ Hours |
| Support Material | 3 |
| Access Duration | One Year |
| Certificate | At Completion |
| Author | Sanjay Lekhak Aman Sahni |
| Co Author | Abhishek Kapoor |
This course covers the complete syllabus of Web Application Security including Networking, VA, PT, Web App Architecture, Cyber Security Terminology, Information Gathering, Web Application Security Assessment Framework & all types of Web Application Attacks.
The syllabus can be divided into 2 parts –
Part 1 – Foundation
Networking: Protocols
IP Address & Subnets
TCP / IP Handshake
Port Mapping & Scanning
FTP, SMB, Telnet, SSH, RDP, HTTP / HTTPS, Mailing Protocols, ARP & MITM
Network & Security Devices
Kali Linux
Kali Linux Installation
Command Line
BASH Scripting
Data Transfer & Monitoring Tools
NMAP
NetCat
SoCat
PowerShell
PowerCat
Wireshark
TCPDump
Penetration Testing & Knowledge base
Scan & Exploit Target using Metasploit & Python Script
Web Application Architecture
Cyber Security Terminologies
OWASP
NIST
MITRE ATT&CK
CIA Triad
Passive Information Gathering
Website Recon & Whois
Google Hacking
Recon NG
Opensource Code
Shodan
Security Head Scanner
SSL Server Test
PasteBin
theHarvester
Password Dumps
Social Media Search Tools
Stackoverflow
OSINT Framework
Maltgo
Active Information Gathering
DNS Enumeration
Port Scanning
SMB Enumeration
SMTP & SNMP Enumeration
Vulnerability Scanning
Vulnerability Scanning
NMAP
Nessus
Web Application Security Assessment
Web Application Concepts
Encoding
App Sec Testing Process
Session Management & Attacks
Angry IP Scanner, DIRB, Nikto
Burpsuite
Burpsuite Intro
Burp Proxy & Spidering
Intruder & Repeater
Burp Collaborator & BApp Store
Bypassing Client Side Validation
Parameter Manipulation & Prevention
Part 2 – Attacks
Authentication & Authorization
Attacking the Login Page – Bruteforcing.
CAPTCHA (& Password Policy)
Authentication and Authorization
Two Factor Authentication
Parameter Manipulation & IDOR
Broken/Missing Function Level Access Control – Vertical and Horizontal
Client Side Attack: Miscelleneous
Same Origin Policy – SOP
Cross Origin Resource Sharing – CORS
CSRF (XSRF, SeaSurf, Session Riding)
Clickjacking
CSV Injection
Content security Policy and Important HTTP headers
Client Side Attack: XSS
Document Object Model – DOM
AJAX
Javascript basics
HTML injection
Iframe Injection
Cross Site Scripting – XSS
Reflected XSS
Stored XSS
DOM based XSS
Filter Bypassing & XSS Mitigation
SQL Injection
Introduction to DBMS
Basic SQL Commands
SQL Injection
Fingerprint the Database
Inband SQL Injection / SQL Injection – Bypass a Login page
Blind SQL
SQLmap Tutorial / Union Operator
SQL Injection in other statements / Injecting into SQL ( in different statements )
Bypassing Filters
Second order SQL injection
Preventing SQL injection
NOSQL injection (MongoDB)
LDAP injection basics
Code Execution on Server
OS Command Injection.
Server Side Includes Injection
Server side Template injection
File Upload Vulnerability
Directory Listing and Path Traversal
File Inclusion
Invalidated Redirects and Forwards/Open Redirection
Server Side Request Forgery
Miscellaneous Attacks on Server
HTTP Response Spliting (CRLF)
HTTP Parameter Pollution
Host header injection
Web Cache Deception/Poisoning
Insecure Deserialization
XML Attacks
Introduction to XML
XPATH Injection
XML External Entity (XXE)
The above course is also offered as a set of 2 separate courses – WASF and WASA. We have combined the 2 courses and created this course to be offered along with the WASP Live Batch training.
Integral Bytes Course Content
About the Instructors
