Web Penetration Testing Course Syllabus

  1. Module 01: Introduction

    Overview of Web Penetration Testing and the techniques involved.

  2. Module 02: OWASP Top 10

    An introduction to the OWASP Top 10 web application vulnerabilities.

  3. Module 03: Recon for Bug Hunting

    Techniques for reconnaissance and information gathering for bug hunting.

  4. Module 04: Advanced SQL Injection

    Deep dive into advanced SQL Injection techniques and mitigation strategies.

  5. Module 05: Command Injection

    Exploiting command injection vulnerabilities in web applications.

  6. Module 06: Session Management and Broken Authentication Vulnerability

    Analyzing session management and broken authentication vulnerabilities.

  7. Module 07: CSRF - Cross Site Request Forgery

    Understanding and exploiting CSRF vulnerabilities in web applications.

  8. Module 08: SSRF - Server Side Request Forgery

    Exploiting SSRF vulnerabilities and their impact on web security.

  9. Module 09: XSS - Cross Site Scripting

    Techniques for exploiting XSS vulnerabilities and defending against them.

  10. Module 10: IDOR - Insecure Direct Object Reference

    Exploring and exploiting IDOR vulnerabilities in web applications.

  11. Module 11: Sensitive Data Exposure and Information Disclosure

    Understanding the risks of sensitive data exposure and information disclosure.

  12. Module 12: SSTI - Server Side Template Injection

    Exploiting Server Side Template Injection vulnerabilities in web applications.

  13. Module 13: Multi Factor Authentication Bypass

    Techniques for bypassing Multi Factor Authentication (MFA) systems.

  14. Module 14: HTTP Request Smuggling

    Understanding HTTP Request Smuggling attacks and mitigation techniques.

  15. Module 15: XXE - XML External Entities

    Exploiting XXE vulnerabilities and preventing attacks.

  16. Module 16: LFI - Local File Inclusion and RFI - Remote File Inclusion

    Exploring LFI and RFI vulnerabilities in web applications and how to exploit them.

  17. Module 17: Source Code Disclosure

    Understanding the risks and implications of source code disclosure.

  18. Module 18: Directory Path Traversal

    Exploiting directory path traversal vulnerabilities in web applications.

  19. Module 19: HTML Injection

    Understanding and exploiting HTML injection vulnerabilities in web applications.

  20. Module 20: Host Header Injection

    Exploring Host Header Injection vulnerabilities and their impact on web security.

  21. Module 21: SQL Authentication Bypass

    Techniques for bypassing SQL-based authentication systems.

  22. Module 22: File Upload Vulnerability

    Exploiting file upload vulnerabilities and how to mitigate them.

  23. Module 23: JWT Token Attack

    Understanding and exploiting vulnerabilities in JWT token authentication.

  24. Module 24: Security Misconfiguration

    Identifying and exploiting security misconfigurations in web applications.

  25. Module 25: URL Redirection

    Exploring and exploiting URL redirection vulnerabilities.