Course Content
– VA vs. PT (vulnerability assessment versus penetration testing)
– VA approach
– PT approach
– Exploring the various servers and clients
– Discussion of the various web architectures
– Discovering how session state works
– The HTTP protocols
– Secure Sockets Layer (SSL)
– WHOIS and DNS reconnaissance
– Reverse Lookup
– Shodan
– Google Dorking
– Web Archive
– Subdomain Enumeration
– EyeWitness
– Backend detection
– Directory fuzzing
– Configuration
– Scope management
– Intruder
– Task scheduler
– Spidering the webapp
– Burp Extensions
– Decoder
– Injection
– Broken Authentication
– Sensitive Data Exposure
– XML External Entities
– Broken Access Control
– Security Misconfiguration
– Cross-site scripting
– Insecure deserialization
– Using Components with known vulnerabilities
– Insufficient Logging & Monitoring
– Acunetix
– Nikto
– Arachni
– Open S3 Bucket
– HTTP Parameter Pollution
– IDOR
– CSRF
– File Inclusion flaws
– Subdomain Takeover
– Host header injection
– Logical flaws
– Securing Web apps
– Applying input validation
– IP Whitelisting
– Implementing access controls
– Removing HTTP headers
– Preventing CSRF with tokens
– Setting login limits
– Removing server configuration errors
Would you like to learn more about the course?
Click on the button and fill in the required information. Our team will get in touch with you to answer your questions.