Web Penetration Testing Course Syllabus
-
Module 01: Introduction
Overview of Web Penetration Testing and the techniques involved.
-
Module 02: OWASP Top 10
An introduction to the OWASP Top 10 web application vulnerabilities.
-
Module 03: Recon for Bug Hunting
Techniques for reconnaissance and information gathering for bug hunting.
-
Module 04: Advanced SQL Injection
Deep dive into advanced SQL Injection techniques and mitigation strategies.
-
Module 05: Command Injection
Exploiting command injection vulnerabilities in web applications.
-
Module 06: Session Management and Broken Authentication Vulnerability
Analyzing session management and broken authentication vulnerabilities.
-
Module 07: CSRF - Cross Site Request Forgery
Understanding and exploiting CSRF vulnerabilities in web applications.
-
Module 08: SSRF - Server Side Request Forgery
Exploiting SSRF vulnerabilities and their impact on web security.
-
Module 09: XSS - Cross Site Scripting
Techniques for exploiting XSS vulnerabilities and defending against them.
-
Module 10: IDOR - Insecure Direct Object Reference
Exploring and exploiting IDOR vulnerabilities in web applications.
-
Module 11: Sensitive Data Exposure and Information Disclosure
Understanding the risks of sensitive data exposure and information disclosure.
-
Module 12: SSTI - Server Side Template Injection
Exploiting Server Side Template Injection vulnerabilities in web applications.
-
Module 13: Multi Factor Authentication Bypass
Techniques for bypassing Multi Factor Authentication (MFA) systems.
-
Module 14: HTTP Request Smuggling
Understanding HTTP Request Smuggling attacks and mitigation techniques.
-
Module 15: XXE - XML External Entities
Exploiting XXE vulnerabilities and preventing attacks.
-
Module 16: LFI - Local File Inclusion and RFI - Remote File Inclusion
Exploring LFI and RFI vulnerabilities in web applications and how to exploit them.
-
Module 17: Source Code Disclosure
Understanding the risks and implications of source code disclosure.
-
Module 18: Directory Path Traversal
Exploiting directory path traversal vulnerabilities in web applications.
-
Module 19: HTML Injection
Understanding and exploiting HTML injection vulnerabilities in web applications.
-
Module 20: Host Header Injection
Exploring Host Header Injection vulnerabilities and their impact on web security.
-
Module 21: SQL Authentication Bypass
Techniques for bypassing SQL-based authentication systems.
-
Module 22: File Upload Vulnerability
Exploiting file upload vulnerabilities and mitigating them.
-
Module 23: JWT Token Attack
Understanding and exploiting vulnerabilities in JWT token authentication.
-
Module 24: Security Misconfiguration
Identifying and exploiting security misconfigurations in web applications.
-
Module 25: URL Redirection
Exploring and exploiting URL redirection vulnerabilities.