Part 1 - Web Application Pentesting


Module 1

  1. Web Application (In)security
  2. Setting up a web application pentesting platform
  3. Installing vulnerable apps
  4. Burp Suite basics
  5. Analyzing traffic over HTTP
  6. Analyzing traffic over HTTPS

Module 2

  1. Understanding the HTTP protocol
  2. HTTP Headers
  3. Attacking HTTP Basic & Digest authentication
  4. Conducting a brute force attack
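The two items above go together in practice: a Basic header is only base64 and gives up the password directly, while a Digest exchange keeps the password off the wire but lets anyone who captured one request guess it offline by recomputing the RFC 2617 response. The script below is an added example written for this outline, not course material; the captured headers, wordlist, realm and nonce values are constructed, and the Digest sample is generated with the same algorithm so that it is self-consistent.

```python
import base64
import hashlib
import re
from typing import Dict, Iterable, Optional

# Constructed wordlist for the offline guess; a real engagement would use a proper list.
WORDLIST = ["password", "admin", "123456", "letmein", "qwerty"]


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def decode_basic(authorization: str) -> Optional[tuple]:
    """Basic auth is base64(user:password), so a captured header yields the secret at once."""
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password


def parse_digest_header(authorization: str) -> Dict[str, str]:
    """Parse 'Digest k="v", k2=v2, ...' into a dict (quoted and unquoted values)."""
    scheme, _, params = authorization.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    out: Dict[str, str] = {}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params):
        out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


def digest_response(p: Dict[str, str], method: str, password: str) -> str:
    """RFC 2617 response for algorithm=MD5 with qop=auth or with no qop.
    MD5-sess and qop=auth-int are not handled in this example."""
    ha1 = md5_hex(f"{p['username']}:{p['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{p['uri']}")
    if p.get("qop"):
        return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    return md5_hex(f"{ha1}:{p['nonce']}:{ha2}")


def crack_digest(authorization: str, method: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline brute force: recompute the response for each candidate until one matches."""
    p = parse_digest_header(authorization)
    target = p["response"].lower()
    for candidate in wordlist:
        if digest_response(p, method, candidate) == target:
            return candidate
    return None


def render_digest_header(p: Dict[str, str]) -> str:
    quoted = {"username", "realm", "nonce", "uri", "cnonce", "response", "opaque"}
    parts = [f'{k}="{v}"' if k in quoted else f"{k}={v}" for k, v in p.items()]
    return "Digest " + ", ".join(parts)


# Constructed capture: the Authorization header a client would send for GET /admin/
# with password "letmein" (realm, nonce and cnonce are made-up sample values).
_SAMPLE = {
    "username": "alice",
    "realm": "Restricted Area",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "uri": "/admin/",
    "qop": "auth",
    "nc": "00000001",
    "cnonce": "0a4f113b",
}
_SAMPLE["response"] = digest_response(_SAMPLE, "GET", "letmein")
CAPTURED_DIGEST = render_digest_header(_SAMPLE)
CAPTURED_BASIC = "Basic YWxpY2U6c2VjcmV0"  # constructed: base64("alice:secret")

if __name__ == "__main__":
    print("Basic  ->", decode_basic(CAPTURED_BASIC))
    print("Digest ->", crack_digest(CAPTURED_DIGEST, "GET", WORDLIST))
```

The method and URI are bound into HA2, so a response captured for one request does not validate against another; the guess has to be made against the request that was actually captured. Note that this is the reason Digest over plain HTTP is still weak: the server's nonce stops replay, but it does nothing against an offline dictionary attack on a weak password.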

Module 3

  1. Analyzing the attack surface
  2. Information gathering
  3. Finding hidden URLs with DirBuster
  4. Identifying weak SSL/TLS certificates

Module 4

  1. Cross-Site Scripting (XSS) - Reflected, Stored and DOM based
  2. HTML Injection
  3. Broken Authentication and Session Management
  4. Cross-Site Request Forgery (CSRF)
  5. Insufficient Transport Layer Protection
  6. Unvalidated Redirects and Forwards
  7. Cross-Origin Resource Sharing (CORS)
  8. Command Injection vulnerabilities
  9. Local file inclusion (LFI) vulnerabilities
  10. Remote file inclusion (RFI) vulnerabilities
  11. Insecure Direct Object References (IDOR)
  12. HTTP Response splitting
  13. SQL injection
  14. Attacking session management
  15. HTTP Response header injection
  16. Improper exception handling
  17. Server side code disclosure
  18. Chaining XSS with other attacks
  19. Targeting Reset password functionality
  20. Business logic flaws

Module 5

  1. Securing Web apps
  2. Applying input validation
  3. IP Whitelisting
  4. Implementing access controls
  5. Removing information-disclosing HTTP headers
  6. Preventing CSRF with tokens
  7. Setting login attempt limits
  8. Removing server configuration errors
  9. Identifying & fixing business logic issues
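Item 6 above, preventing CSRF with tokens, is the one defence in this module that is easiest to get subtly wrong, so here is the synchronizer-token pattern worked through in code. This is an added example, not material from the course; the request dictionaries, handler names and session identifiers are hypothetical stand-ins for whatever framework the application uses.

```python
import hmac
import secrets
from typing import Any, Dict, Optional, Tuple

# Hypothetical minimal request shape used instead of a real web framework:
# {"method": "POST", "session_id": "<value of the session cookie>", "form": {...}}
Request = Dict[str, Any]


class CsrfTokenStore:
    """Synchronizer-token pattern: one unguessable token per login session,
    embedded in every state-changing form and checked on submit."""

    def __init__(self) -> None:
        self._tokens: Dict[str, str] = {}

    def issue(self, session_id: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[session_id] = token
        return token

    def verify(self, session_id: str, submitted: Optional[str]) -> bool:
        expected = self._tokens.get(session_id)
        if expected is None or submitted is None:
            return False
        # Constant-time compare so the token cannot be recovered byte by byte via timing.
        return hmac.compare_digest(expected, submitted)


def transfer_vulnerable(req: Request) -> Tuple[int, str]:
    """'Before': trusts the session cookie alone, so a form auto-submitted from an
    attacker's page rides on the victim's cookie and succeeds."""
    if req["method"] != "POST":
        return 405, "method not allowed"
    form = req["form"]
    return 200, f"transferred {form['amount']} to {form['to']}"


def transfer_protected(store: CsrfTokenStore, req: Request) -> Tuple[int, str]:
    """'After': the same handler, now requiring the per-session token in the POST body."""
    if req["method"] != "POST":
        return 405, "method not allowed"
    form = req["form"]
    if not store.verify(req["session_id"], form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form['amount']} to {form['to']}"


def demo() -> Dict[str, int]:
    """Run the constructed legitimate and forged requests through both handlers."""
    store = CsrfTokenStore()
    victim_session = "sess-victim"
    token = store.issue(victim_session)
    attacker_token = store.issue("sess-attacker")  # attacker holds a valid token of their own

    legit = {"method": "POST", "session_id": victim_session,
             "form": {"to": "bob", "amount": "10", "csrf_token": token}}
    # Cross-site auto-submitted form: the browser attaches the victim's cookie, but the
    # attacker's page cannot read the victim's token, so the body carries none...
    forged = {"method": "POST", "session_id": victim_session,
              "form": {"to": "mallory", "amount": "9999"}}
    # ...or carries a token that was issued to a different session.
    forged_with_own_token = {"method": "POST", "session_id": victim_session,
                             "form": {"to": "mallory", "amount": "9999",
                                      "csrf_token": attacker_token}}

    return {
        "vulnerable_forged": transfer_vulnerable(forged)[0],
        "protected_legit": transfer_protected(store, legit)[0],
        "protected_forged": transfer_protected(store, forged)[0],
        "protected_wrong_session_token": transfer_protected(store, forged_with_own_token)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Three details carry the protection: the token is bound to the session (a token from any other session is rejected), it travels in the request body or a custom header rather than a cookie (so the browser will not send it cross-site automatically), and the comparison is constant-time. A SameSite cookie attribute is a useful second layer but does not replace the token, since it depends on browser behaviour the server cannot verify.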


Web Application Pen Testing Training

