Gruha Sikshak is a leader in providing Online Training Services for various requirements of Web Application Penetration Testing (Web Application Security Testing, Authentication & Session Management, Cryptography & SSL, etc.) in the IT industry.
It was started by a group of highly talented Faculty / Trainers in their respective courses with the objective of providing Online Support for Students and Employees worldwide.
Locations - Hyderabad, India, USA, UK, Australia, UAE, Singapore, Canada, Germany.
Course Contents: Web Application Penetration Testing
Application Development : Installation of WAMP or XAMPP server, Basics of MySQL, Developing a bank application :- Login.html, usercheck.php, profile.php, transfer.php, feedback.php, feedback_user.php, feedback_admin.php; Session management :- Session, Cookie, Same-Origin Policy.
HTTP Protocol : Hypertext Transfer Protocol (RFC 2616) -- HTTP/1.1, HTTP Messages, HTTP Request and Response :- Header and Body; HTTP Methods, HTTP Status Codes, HTTP Cache.
Web Application Security Testing : Black Box Testing, White Box Testing, Grey Box Testing, Vulnerability Assessment vs Penetration Testing, Web App Vulnerability Assessment process :- Request for testing environment, Request for credentials; Web App Reconnaissance :- Server Fingerprinting.
Burp Suite and ZAP : Introduction to Burp Suite :- Burp Proxy, Burp Spider, Burp Intruder, Burp Repeater, Burp Sequencer; Introduction to ZAP :- Scan Policy Manager (Analyze), Tools, Report, ZAP Modes - Attack Mode.
SQL Injection : SQL Injections, Identification of Injections :- Error-based injection, Union-based injection, Blind injection - Time-based; Exploitation of SQL Injections :- sqlmap, Manually extracting data; Remediation of SQL Injection :- Input Validation, Input Escaping, mysqli_real_escape_string, Parameterized Queries :- Prepare, Parse, Bind, Compile.
Cross-site Request Forgery : Understanding CSRF, Identification of CSRF, Exploitation of CSRF, Remediation of CSRF.
Authentication : Authentication Technologies :- HTML Forms-based Authentication, Multifactor Authentication, Certificate-based Authentication, HTTP Basic Authentication, Windows Integrated (NTLM/Kerberos), Authentication Services, Fail-Open Login Mechanisms :- Guessable Passwords; Plain-text password transmission :- Introduction to Wireshark, Network traffic sniffing with Wireshark, Extracting credentials from network traffic.
Authorization and Session Management : Introduction to authorization, Horizontal privilege escalation, Vertical privilege escalation, Introduction to Session Management, Predictable Tokens and Weak Randomness, Session Fixation and replay, Session Hijacking and replay, Hijacking a session via an XSS vulnerability, Hijacking a Session Token in network traffic, HttpOnly Flag, Secure Flag.
Other Vulnerabilities : Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Unvalidated Redirects and Forwards.
Cryptography and SSL : Basics of Cryptography, Encoding - Crane Problem, Encryption :- Ciphers, Symmetric Key Encryption, Asymmetric Key Encryption; Public Key Cryptography, Hashing - MD5, SHA-1, SHA-2, SSL Tests :- Certificate Problems, Protocol Support, Key Exchange, Cipher Strength.
Kali Linux : Introduction to Kali Linux, Various Web App Tools in Kali Linux :- Nikto, w3af, BeEF Framework, Wapiti, Vega.
Firefox Add-ons : Tamper Data, FoxyProxy, Firebug, User Agent Switcher, Cookies Manager+.
Automation Tools : Acunetix, IBM AppScan, False Positive Elimination.
Threat Modeling and Reporting : Threat Model, STRIDE Model, DREAD Model, OWASP Reporting Format, PCI DSS Reporting Format.