Web Penetration Testing

Module 01: Introduction Lesson 01: Networking and protocol Lesson 02: Hypertext Transfer Protocol (HTTP) & Hypertext Transfer Protocol Secure (HTTPS) Module 02: Owasp Top 10 Lesson 01: Briefing about various frameworks Lesson 02: Explaining the OWASP top 10 Module 03: Recon for bug hunting Lesson 01: Subdomains enumeration Lesson 02: Domains filtration Lesson 03: Endpoints […]

SKU: 3
Category:

Description

Module 01: Introduction
Lesson 01: Networking and protocol
Lesson 02: Hypertext Transfer Protocol (HTTP) & Hypertext Transfer Protocol Secure (HTTPS)
Module 02: OWASP Top 10
Lesson 01: Briefing about various frameworks
Lesson 02: Explaining the OWASP top 10
Module 03: Recon for bug hunting
Lesson 01: Subdomains enumeration
Lesson 02: Domains filtration
Lesson 03: Endpoints enumeration
Lesson 04: Grepping responses
Module 04: Advanced SQL Injection
Lesson 01: Union based SQLI
Lesson 02: SQL Authentication Bypass
Lesson 03: Error based SQLI
Lesson 04: Time-based SQLI
Lesson 05: In-band and out-of-band SQLI
Lesson 06: Create our own script to automate the process of Blind SQLi
Module 05: Command injection
Lesson 01: DVWA source code review
Lesson 02: PHP command injection with various functions
Lesson 03: Filter bypass
Module 06: Session Management and Broken Authentication Vulnerability
Lesson 01: Cookie hijacking
Lesson 02: HSTS policy bypass
Module 07: Cross-Site Request Forgery (CSRF)
Lesson 01: Protection bypass
Module 08: Server-Side Request Forgery (SSRF)
Lesson 01: Filter bypass
Lesson 02: Server-side configuration check
Module 09: Cross-Site Scripting (XSS)
Lesson 01: Explaining JavaScript
Lesson 02: Reflected JavaScript
Lesson 03: Stored JavaScript
Lesson 04: DOM-based JavaScript
Module 10: Insecure Direct Object Reference (IDOR)
Lesson 01: Universally Unique Identifier (UUID) protection
Module 11: Sensitive Data Exposure and Information Disclosure
Lesson 01: GIT source code disclosure
Lesson 02: Client-side source code review
Module 12: Server-Side Template Injection (SSTI)
Lesson 01: Explaining template engines
Lesson 02: Various exploitation techniques with various template engines
Module 13: Multi-Factor Authentication Bypass
Lesson 01: Brute-force attacks
Lesson 02: Creating wordlists
Lesson 03: Logic errors bypass
Module 14: HTTP Request Smuggling
Lesson 01: Explaining HTTP/1.1 and HTTP/2
Lesson 02: CL-TE attack
Lesson 03: TE-CL attack
Lesson 04: TE-TE attack
Module 15: External Control of File Name or Path
Lesson 01: Whitelisting and blacklisting
Lesson 02: Bypassing blacklisting
Module 16: Local File Inclusion (LFI) and Remote File Inclusion (RFI)
Lesson 01: Traversal payload
Lesson 02: Bypass WAF
Lesson 03: Reading and inclusion difference
Module 17: Directory Path Traversal
Lesson 01: Path traversal payload to read the file
Module 18: HTML Injection
Lesson 01: Explaining HTML web page
Lesson 02: Reflected HTML injection
Lesson 03: Stored HTML injection
Module 19: Host Header Injection
Lesson 01: Apache config brief
Lesson 02: Explaining the Host header
Module 20: File Upload Vulnerability
Lesson 01: Explaining the POST method
Lesson 02: Encoded POST method
Lesson 03: Various headers related to file upload
Module 21: JWT Token Attack
Lesson 01: JWT token algorithms
Lesson 02: Brute force on the HS256 algorithm
Lesson 03: Logic error bypass
Module 22: Flood Attack on Web
Lesson 01: XXE vulnerability to cause DoS
Lesson 02: Business logic to cause DoS
Module 23: Report Writing
Lesson 01: PoC (proof of concept)
Lesson 02: Executive and Management Report
Lesson 03: Technical Report for IT and Security Departments
