Upload File

web application hacking penetration testing 5 day hands on course syllabus v2.0 new

  • Home
  • Documents
  • Web Application Hacking Penetration Testing 5 Day Hands on Course Syllabus v2.0 New
prev
next
out of 8
Download Web Application Hacking Penetration Testing 5 Day Hands on Course Syllabus v2.0 New

Upload: strokenfilled

Post on 09-Mar-2016

5 views

Category:

Documents


0 download

Report

DESCRIPTION

Web application testing, hacking, penetration testing for beginner. very good training

TRANSCRIPT

  • Web Application Hacking

    (Penetration Testing)

    5-day Hands-On Course

    Syllabus

  • Our web sites are under attack on a daily basis and the next security breach is just a matter of time. This intensive hands-on course will teach you how to find those vulnerabilities in your web applications before the bad guys do. The course will introduce the various methods, tools and techniques used by attackers, in order to know how to test for the major security vulnerabilities and how to identify security bugs on real systems, by using live hacking demonstrations and hands-on labs. The objectives of the course are to teach developers and security professionals about the most dangerous vulnerabilities and how to perform security testing, and by that increasing the amount and quality of test cases that can be performed by the auditor.

    This course provides intensive hands-on labs using real world applications.

    Members of the software development team: Security professionals Software experts Experienced developers

    Before attending this course, students should be familiar with: Operating systems concepts, basic knowledge in databases & SQL language Programming concepts, with emphasis on web applications (HTML/JS)

  • Day 1:

    Application discovery Site mapping & web crawling Server & application fingerprinting Identifying the entry points File extensions handling Page enumeration and brute forcing Looking for leftovers Google hacking Analysis of error code LAB Collect information and reveal application's sensitive data

    Encoding attacks Command injection Code injection LDAP injection Log / CRLF injection Header injection SMTP injection XML injection XPATH injection Input validation techniques Blacklist VS. Whitelist input validation bypassing LAB Exploit improper input validation

    Day 2:

    Information Gathering

    Injections and Validations

  • What is authentication? Supported authentication types - anonymous, basic, digest, forms, Kerberos, client certificate Authentication scenarios User enumeration Guessing passwords - brute force & dictionary attacks Direct page requests Parameter modification Password reset flaws Password change flaws Bypassing weak CAPTCHA mechanisms Common implementation mistakes - authentication bypassing using SQL injection, LDAP

    injection, XPATH injection LAB Bypass authentication forms using multiple method

    What is authorization? Authorization models - DAC/MAC RBAC Authorization bypassing Canonicalization & path traversal Parameter tampering Forceful browsing Rendering based authorization Client side validation attacks Hardening LAB - Authorization bypassing and impersonation

    Business flow bypass Replay attack Currency manipulation Business logic attack vectors Direct access to web services LAB Exploit business logic vulnerabilities

    Day 3:

    Authentication Vulnerabilities

    Authorization Vulnerabilities

    Business Logic Vulnerabilities

  • Introduction to SQL command structure NoSQL injection Mongo, ORM Database manipulation Circumventing authentication Retrieving data Inserting data Deleting data Attacking availability Local system access Discovering vulnerable apps Error based Blind Binary search Evasion LAB Practice SQL injection attacks

    Path traversal Canonicalization Uploaded file backdoors Insecure file extension handling Directory listing File size File type Malware upload LAB Exploit insecure file handling, upload web shells, deface using upload file

    mechanism

    SQL Injection Vulnerabilities

    File Handling Attacks

  • Day 4:

    Overview of XSS XSS Description Reflected XSS Stored / persistent XSS DOM based XSS XSS Whitelist VS. Blacklist input validation Discovery approaches Manual VS. Automatic VS. Semi-automatic Different XSS scenarios XSS input validation evasion LAB Perform XSS attacks

    CSRF (Cross Site Request Forgery) Clickjacking Open redirects HTTP response splitting LAB Perform actions on-behalf users by CSRF, Test websites for Click jacking

    Cross Site Scripting (XSS) Vulnerabilities

    Browser Manipulation Techniques

  • Day 5:

    Symmetric cryptography Asymmetric cryptography Hashing Digital signing PKI / certificate SSL protocol SSL cipher suite Insufficient transport layer protection LAB Cryptography lab

    Application / OS crash CPU starvation Memory starvation File system starvation Resource starvation Triggering high network bandwidth User level DoS Exploiting a specific vulnerability Zip bomb Over flows reDoS Parsing errors LAB - Application DoS

    Cryptography Pitfalls

    Application Denial Of Service (DoS) Vulnerabilities

  • HTML5 approach Client side attacks Analyze client side source code Insecure storage Flash decompile Crossdomain.xml CORS requests Lab Client site application hacking

    Attacking Client Side Applications


Penetration Testing with Raspberry Pi - … · Penetration Testing with Raspberry Pi Construct a hacking arsenal for penetration testers or hacking enthusiasts using Kali Linux on

Ethical Hacking Using Penetration Testing · ethical hacking using penetration testing. 1 1. INTRODUCTION How can any organizational network be tested for vulnerabilities in both

The Basics of Hacking and Penetration Testing by Patrick Engebretson

Ethical Hacking & Penetration Testing Techniques

Hacking SAP BusinessObjects - spl0it.orgspl0it.org/files/talks/appsecdc10/Hacking SAP... · 2010-11-17 · Joshua “Jabra” Abraham –Security Consultant/Researcher Penetration

Google Hacking for Penetration Testers

Hacking Corporate Em@il Systems Nate Power. Penetration Methodology

Cybersecurity Professional - Zoom Cybersense · INTRODUCTION TO ETHICAL HACKING What is Hacking What is Ethical Hacking What is Penetration Testing What is Vulnerability Auditing

Penetration Testing Regulatory Complianceapkerr/itis6200_13_pen_test+compliance.… · Penetration Testing vs. Hacking •Pen-test does not normally include reconnaissance •Length

Penetration Testing Guide - TBG Security“Ethical Hacking” and other types of hackers and testing I’ve heard about? The terms Ethical Hacking and Penetration Testing are synonymous

Ethical Hacking Using Penetration Testing

Ethical Hacking & Penetration Testing

Ethical Hacking as a Professional Penetration Testing ... · PDF fileEthical Hacking as a Professional Penetration Testing Technique Rochester ISSA Chapter Rochester OWASP Chapter

Penetration Testing - IIT School of Applied · PDF fileIntroduction into penetration testing Web application hacking (live demo) Network hacking (live demo) ... %20exec%20master..xp_cmdshell%20'echo

PGP in Ethical Hacking & Cybersecurity · 2020-06-10 · Fundamentals of Ethical Hacking and Penetration Testing Advanced Wireless Hacking and Penetration Testing Mobile Device Security

Penetration Testing and Ethical Hacking

Web Hacking & Penetration Testing

Ethical Hacking & Penetration Testing

Penetration Testing - Montana State University · Penetration Testing •We are considering White Hat hacking –Ethical hacking •But to do that, we have to act like an attacker

[Download] iPhone Hacking and Penetration Testing

Hacking: Noob to Cyberpunk; Easy Guide to Computer …pdf.ebook777.com/054/B06XKSRWFN.pdf · Hacking Noob to Cyberpunk Easy Guide to Computer Hacking, Internet Security, Penetration

Ethical Hacking as a Professional Penetration Testing Technique

Google Hacking for Penetration Testers - Web3us LLC · 2020. 3. 11. · “Google Hacking for Penetration Testers”bySyngress Publishing. Advanced Operators Before we can walk, we

Long, Johnny. Google Hacking for Penetration Testers.the-eye.eu/public/Site-Dumps/index-of/index-of.co.uk/Google/google-hacking-for... · Long, Johnny. Google Hacking for Penetration

Google Hacking for Penetration Testers - Black Hat

A Seminar report On Ethical Hacking - Study Mafiastudymafia.org/wp-content/uploads/2015/01/MCA-Ethical-Hacking... · INTRODUCTION Ethical hacking also known as penetration testing

ETHICAL HACKING AND PENETRATION TESTING GUIDE

Android Hacking and Penetration Testing

Basics of Hacking and Penetration Testing, The (Second Edition)

Network Infrastructure Penetration Testing and …...Network Infrastructure Penetration Testing and Ethical Hacking This course teaches penetration testing and will illustrate how

Friendly hacking Penetration testing vs. hacking Kamil Golombek [email protected] [email protected] Tel. +420 241 046 279

Web Penetration and Hacking Tools€¦ ·  · 2015-10-02Web Penetration and Hacking Tools David Epler Security Architect [email protected]. ... • June 21, 2014 - 309,197

Sample Penetration Testing Report - index-of.co.uk/index-of.co.uk/Hacking-Coleccion/137 - Penetration Testing Sample... · Penetration)Test)Report) Archmake.com+ Second+Edition,+28th+of+February,+2012.+

Network Penetration Testing: Ethical Hacking - Sans Brochure

Ethical Hacking and Penetration Testing