Web Application Hacking and Security


Duration: 75+ Hrs

Mode: Offline

Code: SDC23CS001

Syllabus


  1. Introduction
    • The evolution of web applications
    • Web application security
    • Setting up virtual machines
    • Setting up the lab environment
      • Installing ZAP
      • Installing Burp Suite
      • Setting up OWASP Juice Shop
    • Git and GitHub basics
    • Markdown basics
  2. Web Application Technologies
    • HTML and JavaScript
    • The HTTP protocol
    • Web functionality
      • Server-side functionality
      • Client-side functionality
      • State and sessions
    • Encoding schemes
  3. Networks and Linux Basics
    • Introduction to different Linux distros
    • Basic Linux commands
    • DNS
    • Networking
    • Web hosting
    • Ports and firewalls
    • Working with Nmap
  4. SQL injection
    • Examining the database in SQL injection attacks
    • SQL injection UNION attacks
    • Blind SQL injection
    • SQL injection cheat sheet
    • Preventing SQL injection
  5. Authentication vulnerabilities
    • What is authentication?
    • Difference between authentication and authorization
    • Impact of vulnerable authentication
    • Vulnerabilities in password-based authentication
    • Vulnerabilities in multi-factor authentication
    • Vulnerabilities in other authentication mechanisms
    • Vulnerabilities in OAuth authentication
    • Securing your authentication mechanisms
  6. Directory traversal
    • What is directory traversal?
    • Reading arbitrary files via directory traversal
    • Common obstacles
    • Preventing directory traversal attacks
  7. OS Command Injection
    • What is command injection?
    • Executing arbitrary commands
    • Blind command injection vulnerabilities
    • Preventing OS command injection attacks
  8. Business Logic Vulnerabilities
    • What are business logic vulnerabilities?
    • How do business logic vulnerabilities arise?
    • Impact
    • Preventing business logic vulnerabilities
  9. Information disclosure vulnerabilities
    • What is information disclosure?
    • How do information disclosure vulnerabilities arise?
    • Impact
    • Testing for information disclosure
    • Common sources of information disclosure
    • Preventing information disclosure
  10. Access control & privilege escalation
    • What is access control?
    • Vertical privilege escalation
    • Horizontal privilege escalation
    • Horizontal to vertical privilege escalation
    • Insecure direct object references (IDOR)
    • Vulnerabilities in multi-step processes
    • Vulnerabilities in Referer-based controls
    • Vulnerabilities in location-based controls
    • Preventing access control vulnerabilities
  11. File upload vulnerabilities
    • What are file upload vulnerabilities?
    • Impact
    • How do file upload vulnerabilities arise?
    • Static files handling
    • Exploiting unrestricted file uploads to deploy a web shell
    • Exploiting flawed validation of file uploads
    • Exploiting file upload vulnerabilities without remote code execution
    • Uploading files using PUT
    • Preventing file upload vulnerabilities
  12. Server-side request forgery (SSRF)
    • What is SSRF?
    • Impact
    • Common SSRF attacks
    • Circumventing common SSRF defenses
    • Blind SSRF vulnerabilities
    • Finding hidden attack surface for SSRF
  13. Cross-site scripting (XSS)
    • Impact of XSS
    • Reflected XSS
    • Stored XSS
    • DOM-based XSS
    • Cross-site scripting contexts
    • Client-side template injection
    • Exploiting cross-site scripting vulnerabilities
    • Dangling markup injection
    • Content security policy
    • Preventing XSS
    • Cross-site scripting (XSS) cheat sheet
  14. Cross-site request forgery (CSRF)
    • Impact
    • XSS vs CSRF
    • Bypassing CSRF token validation
    • Bypassing SameSite cookie restrictions
    • Bypassing Referer-based CSRF defenses
    • Preventing CSRF vulnerabilities
  15. Cross-Origin Resource Sharing (CORS)
    • Same-origin policy (SOP)
    • What is CORS?
    • Access-Control-Allow-Origin (ACAO) response header
    • Preventing CORS-based attacks
  16. JWT Attacks
    • JSON Web Tokens (JWTs)
    • What are JWT attacks?
    • Impact of JWT attacks
    • How vulnerabilities arise
    • Exploiting flawed JWT signature verification
    • Brute-forcing secret keys
    • JWT header parameter injections
    • Preventing JWT attacks
  17. A Web Application Hacker’s Methodology
    • Map the Application’s Content
    • Analyze the Application
    • Test Client-Side Controls
    • Test the Authentication Mechanism
    • Test the Session Management Mechanism
    • Test Access Controls
    • Test for Input-Based Vulnerabilities
    • Test for Function-Specific Input Vulnerabilities
    • Test for Logic Flaws
    • Test for Shared Hosting Vulnerabilities
    • Test for Application Server Vulnerabilities
    • Miscellaneous Checks
    • Follow Up Any Information Leakage