

Introductory course about web application penetration testing

What you will learn

Learn the proper penetration testing process for web applications

Learn the difference between active and passive reconnaissance and how to leverage sites and tools to build a technical understanding of the target’s assets.

Learn how to properly identify vulnerabilities

Learn how to exploit vulnerabilities manually (via TryHackMe)

Learn the basic components of a professional penetration testing report for a web application

Description




The Web App Penetration Testing course is an online, self-paced technical training course that provides the basic skills needed to carry out a thorough and professional penetration test against web applications.

This technical training course was designed for two audiences: those with no experience in testing the security of a web application who want to learn how to start and properly execute a web application penetration test so they can use it to protect their organization's assets against cyber attacks, and individuals who would like to kick off a career in information security.

This technical training course will help students move beyond push-button scanning to professional, thorough, and high-value web application penetration testing. It will also enable students to assess a web application's security posture and convincingly demonstrate the business impact should attackers exploit a discovered security vulnerability.

This technical training course will be updated from time to time as the tactics, techniques and procedures associated with each security vulnerability evolve, and purchasing the course gives you lifetime access to all updates.

Note that this technical training course is meant for educational purposes only. Any actions and/or activities related to the material contained within this course are solely your responsibility. The instructor will not be held responsible in the event that criminal charges are brought against any individual who misuses the information in this course to break the law.

Language: English

Content

Introduction

Whoami and Course Introduction
Lab Setup and Discord Server
Introduction to Web App Penetration Testing

Pre-Attack Phase

Scoping
Scoping Questionnaire
Rules of Engagement
Reconnaissance

Pre-Attack Phase: Asset Discovery

Asset Discovery Overview
Whoxy
Whoxy – Demo
Google Advanced Search
Google Advanced Search – Demo
Shodan
Shodan – Demo
Autonomous System Number (ASN)
Autonomous System Number (ASN) – Demo
Cloudflare
Cloudflare – Demo
Certificate Transparency
Certificate Transparency – Demo
Subfinder
Subfinder – Demo

Pre-Attack Phase: Content Discovery

Content Discovery Overview
HTTP Probing using httpx
HTTP Probing using httpx – Demo
Visual Identification using Aquatone
Visual Identification using Aquatone – Demo
Technology Profiling using Builtwith and Wappalyzer
Technology Profiling using Builtwith and Wappalyzer – Demo
Fuzzing using ffuf
Fuzzing using ffuf – Demo
URL Extraction using gau
URL Extraction using gau – Demo
Endpoint Extraction using LinkFinder
Endpoint Extraction using LinkFinder – Demo
Parameter Discovery using ParamSpider
Parameter Discovery using ParamSpider – Demo

Attack Phase: Open Source Scanners and BurpSuite

Open Source Scanners Overview
WPScan Overview
WPScan – Demo
Joomscan Overview
Joomscan – Demo
Droopescan Overview
Droopescan – Demo
CMSeeK Overview
CMSeeK – Demo
Nuclei Overview
Nuclei – Demo
Introduction to BurpSuite

Attack Phase: Vulnerabilities

Top Vulnerabilities and Weakness Classification
Domain/Subdomain Takeover Overview
Domain/Subdomain Takeover – Demo
Path Traversal and Local File Inclusion Overview
Remote File Inclusion Overview
OS Command Injection Overview
Cross-Site Scripting Overview
SQL Injection Overview
Exposure of Git Repository Overview
Information Exposure Overview
Information Exposure – Demo
Brute Force Overview
Unrestricted File Upload Overview
Insecure Direct Object Reference Overview
XML External Entities Overview
Server-Side Request Forgery Overview
Server-Side Template Injection Overview

Post-Attack Phase

Severity Levels
Penetration Testing Report

Practical Website Application Penetration Testing Certification Path

Practical Certification Path

Closing

Thank you!