Web Application Penetration Testing Online Training

Are you looking for Web Application Penetration Testing Online Training? Please tell us or post your requirement, our team will get back to you with best solutions.

Web Application Penetration Testing Online Training

Gruha Sikshak is a leader in providing Online Training Services for various requirements of Web Application Penetration Testing (Web Application Security Testing, Authentication & Session Management, Cryptography & SSL, etc.,) in IT industry.

 

Web Application Penetration Testing (Web Application Security Testing, Authentication & Session Management, Cryptography & SSL, etc.,)

 

It has been started by a group of highly talented Faculty / Trainers in their respective courses with an objective of providing Online Support for Students and Employees world wide.

 

Locations - Hyderabad, India, USA, UK, Australia, UAE, Singapore, Canada, Germany.

 


Technology Course Contents
Web Application Penetration Testing



Introduction to Web Applications : What is web application, How a web application works, Architecture of web applications, Basics of HTML, Basics of Javascript, Basics of any server-side language (PHP/J2EE/ASP.NET).

Application Development : Installation of WAMP or XAMPP server, Basics of MySql, Developing bank application :- Login.html, usercheck.php, profile.php, transfer.php, feedback.php, feedback_user.php, feedback_admin.php; Session management :- Session, Cookie, Same-Origin Policy;

HTTP Protocol : Hypertext Transfer Protocol (RFC 2616) -- HTTP/1.1, HTTP Messages, HTTP Request and Response :- Header and Body; HTTP Methods, HTTP Status Codes, HTTP Cache.

Web Application Security Testing : Black Box Testing, White Box Testing, Grey Box Testing, Vulnerability Assessment VS Penetration Testing, Web App Vulnerability Assessments process :- Request for testing environment, Request for credentials; Web App Reconnaissance :- Server Finger Printing;

Burp Suite and ZAP : Introduction to burp Suite :- Burp Proxy, Burp Spider, Burp Intruder, Burp repeater, Burp Sequencer; Introduction to ZAP :- Scan Policy Manager (Analyze), Tools, Report, ZAP Modes - Attack Mode.

Cross Site Scripting : Introduction to Cross Site Scripting, Reflected Cross Site Scripting, Stored/Persistent Cross Site Scripting, Browser - Document Object Model, DOM based Cross Site Scripting, Identification of Cross Site Scripting :- Payloads, Simple HTML Context, HTML Attribute Name Context, HTML Attribute Value Context, HTML Comments Context, JavaScript Context, VB Script Context, CSS Context, Polyglots; Exploitation of Cross Site Scripting :- Beef Cross Site Scripting Tool; Remediation of Cross Site Scripting :- Input Validation, White Listing, Black Listing, Output Encoding - Crane Problem.

Sql Injection :- Sql Injections, Identification of Injections :- Error based injection, Union based Injection, Blind Injection - Time Based; Exploitation of Sql Injections :- Sqlmap, Manually extracting data; Remediation of Sqlinjection :- Input Validation, Input Escaping, mysqli_real_escape_string, Parameterized Queries :- Prepare, Parse, Bind, Compile;

Cross-site Request Forgery : Understanding CSRF, Identification of CSRF, Exploitation of CSRF, Remediation of CSRF.

Authentication : Authentication Technologies :- HTML Forms based Authentication, Multifactor Authentications, Certificate Based Authentication, HTTP Basic Authentication, Windows Integrated (NTLM/Kerberos), Authentication Services, Fail - Open Login Mechanisms :- Guessable Passwords; Plain text password transmission :- Introduction to Wireshark, Network Traffic sniffing with Wireshark, Extracting credentials in network traffic.

Authorization and Session Management : Introduction to authorization, Horizontal privilege escalation, Vertical privilege escalation, Introduction to Session Management, Predictable Tokens and Weak Randomness, Session Fixation and replay, Session Hijacking and replay, Hijacking session with XSS vulnerability, Hijacking Session Token in network Traffic, HTTP - only Flag, Secure Flag.

Other Vulnerabilities : Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Unvalidated Redirects and Forwards.

Cryptography and SSL : Basics of Cryptography, Encoding - Crane Problem, Encryption :- Ciphers, Symmetric Key Encryption, Asymmetric Key Encryption; Public Key cryptography, Hashing - md5, SHA1, SHA2, SSL Tests :- Certificate Problems, Protocol Support, Key Exchange, Cipher Strength.

Kali Linux : Introduction to Kali Linux, Various Web App Tools in Kali Linux :- Nikto, w3af, BeEF Framework, Wapiti, Vega.

Firefox - Addons : Tamper Data, Foxy Proxy, Firebug, User Agent Switcher, Cookies Manager +.

Automation Tools : Acunetix, IBM App Scan, False positives Elimination.

Threat Modeling and Reporting : Threat Model, STRIDE Model, DREAD Model, OWASP Reporting Format, PCI DSS Reporting Format.

 
 

About Gruha Sikshak - Online Trainings Provider.

Gruha Sikshak provides Online Training for various requirements in IT industry. It has been started by a group of highly talented faculty / trainers in their respective courses with an objective of providing online support for students and employees world wide... read more....

 

All of the content or information available on the website www.gruhasikshak.com which is owned by Gruha Sikshak, a company with headquarters in Hyderabad, the information of this website is explicitly forbidden to make use of the content of the site for commercial purposes or for distribution on another computer; it is also prohibited to make any modifications of the contents that are displayed on the site.
Any other form of utilization is expressly forbidden. Offenders will be prosecuted to the full extent of the law.

COPYRIGHT NOTICE. Copyright © 2018 GRUHA SIKSHAK. All rights reserved.
For all queries and problems, please send an e-mail message to the following address: gruhasikshak@gmail.com