HTTP Basic and Essential Tools

• Web Fundamental
• API Fundamental
• Encoding and Filtering
• Web application assessment methodologies

 

Information Gathering

• Overview of the web from a penetration tester's perspective
• WHOIS and DNS reconnaissance
• Interception Proxies
• Proxying SSL through Burp Suite
• Spider a website
• Brute forcing unlinked files and directories
• Web authentication mechanisms
• Fuzzing with Burp Intruder
• Burp sequencer

 

File Inclusion Vulnerability

• Remote File Inclusion (RFI)
• Local File Inclusion (LFI)
• File Inclusion to Remote Management
• How to see Vulnerability
• How to exploit Vulnerability
• Case Studies

 

Injection Vulnerability

• SQL injection
• Command Injection
• How to see Vulnerability
• How to exploit Vulnerability
• Case Studies

 

Cross-Site Scripting (XSS)

• Reflected XSS
• Dom-based XSS
• Stored XSS
• How to see Vulnerability
• How to exploit Vulnerability
• Case Studies

 

Cross Side Request Forgery

• Introduction
• How to see Vulnerability
• How to exploit Vulnerability
• Case Studies

 

Rate Limiting Vulnerability

• Introduction
• Password Attack
• OTP Attack
• How to see Vulnerability
• How to exploit Vulnerability
• Case Studies

 

Access Control Vulnerability

• Introduction
• Insecure Direct Object Reference
• How to see Vulnerability
• How to exploit Vulnerability
• Case Studies