0% found this document useful (0 votes)

219 views9 pages

Web Application Penetration Testing Course Content

The document describes a Web Application Penetration Testing training course. The course teaches skills like web app analysis, information gathering, enumeration, and exploiting vulnerabilities commonly found in web and mobile apps. Students will learn techniques for exploiting and defending apps, performing static and dynamic app analysis, and finding vulnerabilities in source code. The target audience includes penetration testers, developers, administrators, and security analysts with basic HTML and security experience. The training will provide hands-on experience in a cloud lab environment using tools to assess and exploit demo apps.

Uploaded by

happyfeet dash

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

219 views9 pages

Web Application Penetration Testing Course Content

Uploaded by

happyfeet dash

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 9

Course Description

Web Application Penetration Testing Training at Infosectrain is

designed to teach the details of web app penetration testing
in an immersive environment. Our trainers are experts of the
industry and they will teach you Web application analysis,
information gathering and enumeration to add to your skill.
Our Web Application Penetration Testing course will let you
have a hands-on penetration testing experience in our
cloud-hosted lab environment.You will be provided with an
app demonstrating a vulnerability commonly found in a Web
or mobile app. which will help you in learning to assess the
app and exploit it like an experienced professional.

Thus, during this WAPT course you will learn to:

• Exploit and defend web and mobile apps

• Perform static and dynamic analysis of iOS and

Android apps by using popular tools

• Find vulnerabilities in source code, and

• Exploit weaknesses in the implementation of web application

security

www.infosectrain.com | [email protected] 01
Target Audience
Web Application Penetration Testing Course is beneﬁcial for:

• Penetration testers
• Application developers
• Web administrators
• Security analysts

Pre-Requisite
• Basic understanding of HTML, HTTP and JavaScript.
• Knowledge of PHP code will help although it is not mandatory
• one year in an information security role, or equivalent experience
is recommended.

www.infosectrain.com | [email protected] 02
Why Infosec Train?

Certified & Flexible Schedule Access to the

Experienced Instructor recorded
sessions

Post Training Tailor Made Training 4 hrs/day in

Support Weekend/
Weekday

www.infosectrain.com | [email protected] 03
COURSE CONTENT

Web Application Assessment

Authentication vulnerabilities

Authorization vulnerabilities

Improper Input Validation & Injection

vulnerabilities

Insecure ﬁle handling

Session & browser manipulation attacks

Information leak

www.infosectrain.com | [email protected] 04
Course Content

Web Application Assessment

• OWASP Top 10 Vulnerabilities
• Threat Modelling Principle
• Site Mapping & Web Crawling
• Server & Application Fingerprinting
• Identifying the entry points
• Page enumeration and brute forcing
• Looking for leftovers and backup ﬁles

Authentication vulnerabilities
• Authentication scenarios
• User enumeration
• Guessing passwords - Brute force & Dictionary attacks
• Default users/passwords
• Weak password policy
• Direct page requests
• Parameter modiﬁcation
• Password ﬂaws
• Locking out users
• Lack of SSL at login pages
• Bypassing weak CAPTCHA mechanisms
• Login without SSL

Authorization vulnerabilities
• Role-based access control (RBAC)
• Authorization bypassing
• Forceful browsing
• Client-side validation attacks
• Insecure direct object reference

www.infosectrain.com | [email protected] 05
Improper Input Validation & Injection vulnerabilities

• Input validation techniques

• Blacklist VS. Whitelist input validation bypassing
• Encoding attacks
• OWASP Top 10 Vulnerabilities
• Directory traversal
• Threat Modelling Principle
• Command injection
• Site Mapping & Web Crawling
• Code injection
• Server & Application Fingerprinting
• Log injection
• Identifying the entry points
• XML injection – XPath Injection | Malicious files | XML Entity
• Page enumeration and brute forcing
• bomb
• Looking for leftovers and backup files
• LDAP Injection
• SQL injection
• Common implementation mistakes – authentication
• Bypassing using SQL Injection
• Cross Site Scripting (XSS)
• Reflected VS. Stored XSS
• Special chars – ‘ & < >, empty

Insecure ﬁle handling

• Path traversal • Directory listing
• Canonicalization • File size
• Uploaded ﬁles backdoors • File type
• Insecure ﬁle extension handling • Malware upload

Session & browser manipulation attacks

• Session management techniques • Session id rotation
• Cookie based session management • Session Fixation
• Cookie properties • Cross Site Request Forgery (CSRF)
• Cookies - secrets in cookies, tampering - URL Encoding
• Exposed session variables • Open redirect
• Missing Attributes - httpOnly, secure
• Session validity after logoff
• Long session timeout
• Session keep alive - enable/disable

www.infosectrain.com | [email protected] 06
Information leak

• Web Services Assessment

• Web Service Testing
• OWASP Web Service Speciﬁc Testing
• OWASP Top 10 Vulnerabilities
• Testing WSDL
• Threat Modelling Principle
• Sql Injection to Root
• Site Mapping & Web Crawling
• LFI and RFI]
• Server & Application Fingerprinting
• OWASP Top 10 Revamp
• Identifying the entry points
• Page enumeration and brute forcing
• Looking for leftovers and backup ﬁles

www.infosectrain.com | [email protected] 07
www.infosectrain.com | [email protected]

Red Team Capstone WriteUp
100% (1)
Red Team Capstone WriteUp
73 pages
Penetration Report
100% (2)
Penetration Report
66 pages
Penetration Test Report Mr. Robot
No ratings yet
Penetration Test Report Mr. Robot
12 pages
Week 2 Penetration Testing Report
No ratings yet
Week 2 Penetration Testing Report
6 pages
11 Mwri A Penetration Testers Guide To The Azure Cloud v1.2
No ratings yet
11 Mwri A Penetration Testers Guide To The Azure Cloud v1.2
57 pages
The Bug Hunters Methodology v3
No ratings yet
The Bug Hunters Methodology v3
64 pages
Perform A Web Penetration Test
No ratings yet
Perform A Web Penetration Test
197 pages
Web App Security for Developers
No ratings yet
Web App Security for Developers
8 pages
Netwrix Hardened Services Guide
No ratings yet
Netwrix Hardened Services Guide
116 pages
Cyber Security Lab Manual 2023-24
No ratings yet
Cyber Security Lab Manual 2023-24
27 pages
Top 100 Linux Commands PDF
100% (1)
Top 100 Linux Commands PDF
22 pages
Security+ Lab Answers
0% (1)
Security+ Lab Answers
160 pages
How-To: DNS Enumeration: Author: Mohd Izhar Ali
No ratings yet
How-To: DNS Enumeration: Author: Mohd Izhar Ali
13 pages
Offensive Manual Pages Deleted
100% (1)
Offensive Manual Pages Deleted
107 pages
Module 1 Network Security Introduction
No ratings yet
Module 1 Network Security Introduction
26 pages
A Complete Guide To Penetration Testing
100% (1)
A Complete Guide To Penetration Testing
4 pages
API Penetration Testing Guide
No ratings yet
API Penetration Testing Guide
15 pages
Web App Penetration Testing in Bug Bounties
No ratings yet
Web App Penetration Testing in Bug Bounties
57 pages
Certified Penetration Testing Professional CPTP
No ratings yet
Certified Penetration Testing Professional CPTP
12 pages
Real World Bug Hunting A Field Guide To Web Hacking 1st Edition Peter Yaworski Complete Edition
No ratings yet
Real World Bug Hunting A Field Guide To Web Hacking 1st Edition Peter Yaworski Complete Edition
106 pages
File Upload Exploitation
No ratings yet
File Upload Exploitation
36 pages
Attacked From Behind Application PDF
No ratings yet
Attacked From Behind Application PDF
24 pages
Sqli Manual
No ratings yet
Sqli Manual
86 pages
Web Application Pentesting Checklist
No ratings yet
Web Application Pentesting Checklist
23 pages
Web App Security: OWASP Top 10 Guide
No ratings yet
Web App Security: OWASP Top 10 Guide
16 pages
IS4560 Lab 1 Assessment Worksheet
No ratings yet
IS4560 Lab 1 Assessment Worksheet
4 pages
Events Codes For Fun & Profit
No ratings yet
Events Codes For Fun & Profit
19 pages
Offensive AD Enumeration Guide
No ratings yet
Offensive AD Enumeration Guide
101 pages
Pwntools
100% (1)
Pwntools
156 pages
Windows API For Red Team 102
No ratings yet
Windows API For Red Team 102
25 pages
Network Penetration Testing Course Online 1720400534
No ratings yet
Network Penetration Testing Course Online 1720400534
10 pages
CEH IT Security Penetration Testing Step
67% (3)
CEH IT Security Penetration Testing Step
42 pages
Security Testing by OWASP Top 10
No ratings yet
Security Testing by OWASP Top 10
30 pages
Pentest Checklists
No ratings yet
Pentest Checklists
20 pages
Multimaster
No ratings yet
Multimaster
33 pages
MASPT at A Glance
No ratings yet
MASPT at A Glance
14 pages
G O N Y: Ignite Technologies
No ratings yet
G O N Y: Ignite Technologies
34 pages
Automation of Penetration Testing
No ratings yet
Automation of Penetration Testing
131 pages
Active Directory Pentest Course-10
No ratings yet
Active Directory Pentest Course-10
11 pages
Dokumen - Pub - Sans 5603 Exploitation
No ratings yet
Dokumen - Pub - Sans 5603 Exploitation
196 pages
07-Flash Security
No ratings yet
07-Flash Security
3 pages
Metasploitable 2 CTF Walkthrogh
No ratings yet
Metasploitable 2 CTF Walkthrogh
27 pages
Internal Penetration Testing
No ratings yet
Internal Penetration Testing
22 pages
Windows Lateral Movement
100% (1)
Windows Lateral Movement
93 pages
VirSecCon All in One Slides by 1ndianl33t
No ratings yet
VirSecCon All in One Slides by 1ndianl33t
189 pages
Itec413 15
100% (1)
Itec413 15
33 pages
100 Vulnerabilities
0% (1)
100 Vulnerabilities
4 pages
Comptia Pentest
No ratings yet
Comptia Pentest
155 pages
OSCP Preparation
No ratings yet
OSCP Preparation
1 page
BootCamp Attacking and Defending Active Directory Beginner's Edition Syllabus
No ratings yet
BootCamp Attacking and Defending Active Directory Beginner's Edition Syllabus
2 pages
06-Session Security
No ratings yet
06-Session Security
48 pages
Security Testing Insights
No ratings yet
Security Testing Insights
37 pages
Bug Bounty Guide: Tools & Tips
100% (1)
Bug Bounty Guide: Tools & Tips
36 pages
EC-Council Univ-MSS Program Dtails
No ratings yet
EC-Council Univ-MSS Program Dtails
2 pages
Web Application Pentesting
No ratings yet
Web Application Pentesting
6 pages
Levelup0X Bug Bounty Hunting Training PDF
No ratings yet
Levelup0X Bug Bounty Hunting Training PDF
7 pages
Professional Bug Hunting & Advanced Web Application Course
No ratings yet
Professional Bug Hunting & Advanced Web Application Course
17 pages
Certified Application Security Course
No ratings yet
Certified Application Security Course
3 pages
Web Application Penetration Roadmap Roadmap Web Application Penetration Tester Roadmap Roadmap
No ratings yet
Web Application Penetration Roadmap Roadmap Web Application Penetration Tester Roadmap Roadmap
33 pages
Web App Penetration Testing Course
No ratings yet
Web App Penetration Testing Course
10 pages
Resetting 'Root' Password On AMS 2500
No ratings yet
Resetting 'Root' Password On AMS 2500
6 pages
Panduan Email CBN - Outlook 2013 2016
No ratings yet
Panduan Email CBN - Outlook 2013 2016
7 pages
SQL Injection 1728263716
No ratings yet
SQL Injection 1728263716
10 pages
Info ASS Mid
No ratings yet
Info ASS Mid
5 pages
Cybersecurity Syllabus
No ratings yet
Cybersecurity Syllabus
3 pages
SFTP
No ratings yet
SFTP
2 pages
Web App Threat Modeling Guide
100% (1)
Web App Threat Modeling Guide
55 pages
Isolated Host Compromise Analysis Lab
No ratings yet
Isolated Host Compromise Analysis Lab
10 pages
Office 365 Syllabus
No ratings yet
Office 365 Syllabus
2 pages
First Review PPT Template
No ratings yet
First Review PPT Template
16 pages
Mintu Pandya Bca NTCC
No ratings yet
Mintu Pandya Bca NTCC
40 pages
Identity Theft and Fraud Alert From Pittsfield Township, Mich., Police
No ratings yet
Identity Theft and Fraud Alert From Pittsfield Township, Mich., Police
2 pages
IS Question Bank
No ratings yet
IS Question Bank
4 pages
Number: 300-730 Passing Score: 825 Time Limit: 140 Min File Version: v1.10
No ratings yet
Number: 300-730 Passing Score: 825 Time Limit: 140 Min File Version: v1.10
53 pages
Enterprise-Grade Security For The Model Context
No ratings yet
Enterprise-Grade Security For The Model Context
11 pages
NCSC One Page OpSec Guide
No ratings yet
NCSC One Page OpSec Guide
1 page
006 مكتبة رفوف كورس الهاكر الاخلاقي
No ratings yet
006 مكتبة رفوف كورس الهاكر الاخلاقي
73 pages
Attack Surface Analysis and Threat Prediction With Cyber Threat Intelligence
No ratings yet
Attack Surface Analysis and Threat Prediction With Cyber Threat Intelligence
5 pages
Cybercrime & Security Essentials
No ratings yet
Cybercrime & Security Essentials
36 pages
Secure Remote Access For Your Workforce at Scale
No ratings yet
Secure Remote Access For Your Workforce at Scale
7 pages
HTB1
No ratings yet
HTB1
7 pages
Addressing Cybersecurity Challenges in Education
No ratings yet
Addressing Cybersecurity Challenges in Education
21 pages
Unit - I Classical Cryptosystem 9
No ratings yet
Unit - I Classical Cryptosystem 9
26 pages
KM Security White Paper
No ratings yet
KM Security White Paper
32 pages
Client Authentication Using Digital Certificates in Websphere Application Server Community Edition
No ratings yet
Client Authentication Using Digital Certificates in Websphere Application Server Community Edition
19 pages
Cyber Security (Sec 5TH Semester)
No ratings yet
Cyber Security (Sec 5TH Semester)
2 pages
Cryptography-One Time Pad Revisited - 2 (Compatibility Mode)
No ratings yet
Cryptography-One Time Pad Revisited - 2 (Compatibility Mode)
6 pages
ISO 27001 Evidence Collection Spreadsheet - Secureframe
No ratings yet
ISO 27001 Evidence Collection Spreadsheet - Secureframe
3 pages
Canarytokens - Danger For Attackers
No ratings yet
Canarytokens - Danger For Attackers
6 pages
CCS Module 6
No ratings yet
CCS Module 6
23 pages