VAPT – Training

This course covers both Web Application Security and Network Security.

Key Highlights

  • Installation of LAMP server (Docker/GCP/My Server)
  • Application Architecture
  • HTTP Request and Response
  • Header and Body
  • Identify application entry points
  • Map Application Architecture
  • Test HTTP Methods
  • Test HTTP Strict Transport Security
  • Introduction to burp Suite
  • Burp Proxy
  • Burp Intruder
  • Burp repeater
  • Burp Sequencer
  • Burp Extender
  • Introduction to ZAP
  • Scan Policy Manager (Analyse)
  • Tools
  • Report
  • ZAP Modes
  • IAM Authentication
  • Testing for Credentials Transported over an Unencrypted Channel
  • Testing for default credentials
  • Testing for Weak Lockout Mechanism
  • Testing for Browser cache weakness
  • Session Management
  • Cookie – Testing for Cookie attributes — secure flag and http-only
  • Predictable Tokens and Weak Randomness
  • Session Fixation and replay
  • Testing for logout functionality with AuthN providers
  • Test Session Timeout – PII/PCI DSS – 20 mins
  • 2FA – Two-Factor Authentication
  • Session Hijacking — XSS
  • Authorization
  • Role Definitions — Creating permission matrix
  • Horizontal privilege escalation
  • Vertical privilege escalation
  • Missing Function Level Access Control
  • Insecure Direct Object References — IDOR
  • Introduction to Cross Site Scripting
  • Reflected Cross Site Scripting
  • Stored/Persistent Cross Site Scripting
  • Browser – Document Object Model
  • DOM based Cross Site Scripting
  • Polyglots
  • The exploitation of Cross-Site Scripting — Http only flag for cookies/same site
  • Remediation of Cross Site Scripting
  • Input Validation
  • Whitelisting
  • Blacklisting
  • Output Encoding – Crane Problem
  • SQL Injections
  • Identification of Injections
  • In-band SQLi — Error-based, Union-based SQLi
  • Inferential (blind) SQLi – Boolean-based, Time-based
  • Out-of-band SQLi
  • The exploitation of SQL Injections
  • sqlmap
  • Manually extracting data — union Injection
  • Remediation of SQL Injection
  • Input Validation
  • Parameterized Queries
  • Understanding CSRF
  • Identification of CSRF
  • Exploitation of CSRF
  • File upload feature
  • File Size — big file
  • File canonicalization attack — ../../../
  • File to shell — shell.php, .jsp, .asp
  • File to malware — eicar.txt
  • Basics of SSRF
  • SSRF with XXE
  • SSRF in File Download
  • SSRF in File content fetch
  • SSRF in host connect (port scan)
  • Introduction to XML
  • Configuring XMLHttpRequest at the client
  • Configuring the XML parser at the server
  • Identification of XXE
  • Exploitation of XXE
  • Remediation of XXE
  • Basics of Cryptography
  • Encoding – Crane Problem
  • Encryption
  • Ciphers
  • Symmetric Key Encryption
  • Asymmetric Key Encryption
  • Public Key cryptography
  • Hashing – MD5, SHA-1, SHA-2
  • DS
  • DC
  • SSL Tests — Nmap Enum ciphers
  • Certificate Problems
  • Protocol Support
  • Key Exchange
  • Cipher Strength
  • Elimination of False Positives
  • Risk Analysis
  • Reporting
  • TCP/IP model – the 4 layers and their protocols
  • Connecting to a TCP/UDP port with Netcat
  • Listening on a TCP/UDP port with Netcat
  • Transferring files with Netcat
  • Sniffing Network Traffic with Wireshark
  • Following TCP Streams and HTTP Streams
  • TCP Port Scanning Basics
  • UDP Port Scanning Basics
  • Nmap – Network Sweeping
  • Nmap – OS fingerprinting
  • Nmap Banner Grabbing / Service Enumeration
  • National Vulnerability Database (NVD)
  • Exploit Database (Exploit DB)
  • Nessus Scanner
  • MSF Console
  • Auxiliary
  • Exploits
  • Payload
  • Meterpreter – Reverse shell / Bind shell

What you'll learn

1. Reports and Analytics Code
2. Key Business Supplies and Key Presentation Indicators
3. Custom Traffic Variables, Traffic Features and Functions
4. Custom Adaptation Variables, Conversion Features and Functions
5. Information Tools
6. Approval and Troubleshooting

Course Duration

Course Name       Type                  Course Duration   Price
Adobe Analytics   Training              40 hrs            18,000/-
Adobe Analytics   Workshop
Adobe Analytics   Training & Workshop