<p>“Sec_rity is incomplete without ‘U’”</p>
APPLICATION SECURITY PENETRATION TESTING
(WEB APPLICATION HACKING)
Here is the content of the Application Security Penetration Testing course (AppSec). AppSec is designed for job seekers who are interested in getting into the information security domain. AppSec is the best course to get a job faster, and it is also the best course for those who want to switch their domain to information security without losing their experience. It covers basic to advanced levels. We designed the course as per industry requirements and standards (OWASP); the content we cover is listed below.
PREREQUISITES FOR GETTING INTO HACKING
Note: The trainer will also teach the prerequisites, so anyone can take this course
Networking Basics
IP addressing, Routing, Network Configurations
OSI 7 Layer Model
Protocols: TCP, UDP, ICMP, Ports, DNS, DHCP, SMTP, POP3, IMAP, HTTP, HTTPS, FTP
Analyzing Network Protocols with Wireshark Tool
Operating System
Kali Linux OS installation and commands
Virtual Machines - VMware/VirtualBox Basics
Web/Database Technologies Basics
HTML, HTML5, JavaScript, MySQL
Web Application Architectures
Cryptography Concepts
Encoding, Encryption
Symmetric Encryption, Asymmetric Encryption
Hashing, Digital Signatures, Public Key Infrastructure (PKI)
Security Testing Terminologies and Concepts
Black Box, Grey Box and White Box
Static Analysis Security Testing (SAST) and Dynamic Analysis Security Testing (DAST)
Vulnerability Assessment (VA) and Penetration Testing (PT)
SDLC and Secure SDLC
OWASP Top 10 - 2017 Attacks
A1-INJECTION
A2-BROKEN AUTHENTICATION
A3-SENSITIVE DATA EXPOSURE
A4-XML EXTERNAL ENTITIES (XXE)
A5-BROKEN ACCESS CONTROLS
A6-SECURITY MISCONFIGURATION
A7-CROSS SITE SCRIPTING (XSS)
A8-INSECURE DESERIALIZATION
A9-USING COMPONENTS WITH KNOWN VULNERABILITIES
A10-INSUFFICIENT LOGGING AND MONITORING
1. Information Gathering
Conduct Search Engine Discovery and Reconnaissance for Information Leakage
Port scanning
Fingerprint Web Server
Review Web server Meta files for Information Leakage
Enumerate Applications on Web server
Review Web page Comments and Meta data for Information Leakage
Identify application entry points
Fingerprint Web Application Framework
Fingerprint Web Application
2. Configuration and Deployment Management Testing
Test Application Platform Configuration
Test File Extensions Handling for Sensitive Information
Review Old, Backup and Unreferenced Files for Sensitive Information
Enumerate Infrastructure and Application Admin Interfaces
HTTP Methods
HTTP Strict Transport Security
Test RIA cross domain policy
3. Identity Management Testing
Test Role Definitions
Test User Registration Process
Test Account Provisioning Process
Testing for Account Enumeration and Guessable User Account
Testing for Weak or unenforced username policy
4. Authentication Testing
Testing for Credentials Transported over an Encrypted Channel
Testing for default credentials
Testing for Weak lock out mechanism
Testing for bypassing authentication schema
Test remember password functionality
Testing for Browser cache weakness
Testing for Weak password policy
Testing for weak password change or reset functionalities
Testing for Weaker authentication in alternative channel
5. Authorization Testing
Directory traversal/file inclusion attack
Bypassing authorization schema
Privilege Escalation
Insecure Direct Object Reference
6. Session Management Testing
Testing for Bypassing Session Management Schema
Testing for Cookies Security attributes
Testing for Session Fixation Vulnerability
Testing for Exposed Session Variables
Testing for logout functionality
Test Session Timeout
Testing for Session puzzling
7. Input Validation Testing
HTTP Verb Tampering
HTTP Parameter pollution
XML Injection
SQL Injection
XPath Injection
Local File Inclusion
Remote File Inclusion
Command Injection attack
Reflected Cross Site Scripting
Stored Cross Site Scripting
HTTP Splitting/Smuggling
8. Cryptography Attacks
Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
Collision Attack
POODLE Attack
Heartbleed Attack
Sensitive information sent via unencrypted channels
9. Business Logic Testing
Test Business Logic Data Validation
Test Ability to Forge Requests
Test Integrity Checks
Test for Process Timing
Test Number of Times a Function Can Be Used Limits
Testing for the Circumvention of Work Flows
Upload of Unexpected File Types
Upload of Malicious Files
10. Client Side Testing
DOM based Cross Site Scripting
HTML Injection
Client Side URL Redirect
Cross Site Flashing
Clickjacking
Test Local Storage
11. Automated Vulnerability Scanning Tools
Commercial Scanners
Nessus web vulnerability scanner
Acunetix WVS – Recorded Session
BurpSuite Professional Scanner
Fortify WebInspect Scanner
Open Source/Free Scanners
Nikto, UniScan, WPScan, JoomScan
12. Reporting
Various Tool Reports and Manual Reporting
Risk Analysis, CVSS 3.0 scoring system
13. Mobile Application Penetration testing
Android reverse engineering
Penetration Testing mobile application
14. Web Services Security Testing Basics
SOAP Application Testing
REST Application Testing