06 September, 2022
No Comments

VAPT_Training

This course covers both Web App Security and Network Security

Module 1: Application Development

Installation of LAMP server (Docker/GCP/My Server)

Application Architecture

HTTP Request and Response

Header and Body

Identify application entry points

Map Application Architecture

Test HTTP Methods

Test HTTP Strict Transport Security

Module 2: Burp Suite and ZAP

Introduction to burp Suite

Burp Proxy

Burp Intruder

Burp repeater

Burp Sequencer

Burp Extender

Introduction to ZAP

Scan Policy Manager (Analyse)

Tools

Report

ZAP Modes

Module 3: Authentication and Authorization–IAM

Authentication

Testing for Credentials Transported over un-Encrypted Channel

Testing for default credentials

Testing for Weak lock out mechanism

Testing for Browser cache weakness

Session Management

Cookie -Testing for Cookie attributes –secure flag and http-only

Predictable Tokens and Weak Randomness

Session Fixation and replay

Testing for logout functionality with AuthN providers

Test Session Timeout-PII/PCI DSS–20 Mins

2 FA-Two Factor

Session Hijacking –XSS

Authorization

Role Definitions –Creating permission matrix

Horizontal privilege escalation

Vertical privilege escalation

Missing Function Level Access Control

Insecure Direct Object References —IDOR

Module 4: Cross Site Scripting (XSS/CSS)

Introduction to Cross Site Scripting

Reflected Cross Site Scripting

Stored/Persistent Cross Site Scripting

Browser -Document Object Model

DOM based Cross Site Scripting

Polyglots

The exploitation of Cross-Site Scripting –Http only flag for cookies/same site

Remediation of Cross Site Scripting

Input Validation

Whitelisting

Blacklisting

Output Encoding –Crane Problem

Module 5:SQL Injection

SQL Injections

Identification of Injections

In-band SQLi –Error-Based, Union-based SQLI

Inferential SQLi-blind -Bool Based, Time Based

Out-of-band SQLi

The exploitation of SQLInjections

SQL map

Manually extracting data –union Injection

Remediation of SQL Injection

Input Validation

Parameterized Queries

Module 6: Cross-site Request Forgery

Understanding CSRF
Identification of CSRF
Exploitation of CSRF
Remediation of CSRF

Module 7: File upload to Shell

File upload feature
File Size –big file
File canonicalization attack —../../../
File to shell –shell.php, jsp,asp
File to malware –eicar.txt

Module 8: SSRF vulnerability

Basics of SSRF
SSRF with XXE
SSRF in File Download
SSRF in File content fetch
SSRF in host connect (port scan)

Module 9: XML External Entity (XXE) Processing

Introduction to XML
Configuring XHttp request at client
Configuring XML parser at server
Identification of XXE
Exploitation of XXE
Remediation of XXE

Module 10: Cryptography and SSL

Basics of Cryptography
Encoding –Crane Problem
Encryption
Ciphers
Symmetric Key Encryption
Asymmetric Key Encryption
Public Key cryptography
Hashing –md5, SHA1, SHA2
DS
DC
SSL Tests –NmapEnumciphers
Certificate Problems
Protocol Support
Key Exchange
Cipher Strength

Module 11: Automation Tools

False positives Elimination

Risk Analysis

Reporting

Module 12: Networking -Net catand Wireshark

TCP IP model, 4 Layers of TCP model protocols

Connecting to a TCP/UDP port with Net cat

Listening on a TCP/UDP port with Net cat

Transferring files with Net cat

Sniffing Network Traffic with Wireshark

Following TCP Streams and HTTP Streams

Module 13: Port scanning -NMAP

TCP Port Scanning Basics

UDP Port Scanning Basics

Nmap -Network Sweeping

Nmap -OS fingerprinting

Nmap Banner Grabbing / Service Enumeration

Module 14: Mapping Services to Vulnerabilities

National Vulnerability Database (NVD)

Exploit Database (Exploit DB)

Nessus Scanner

Module 15: Exploitation Framework -Metasploit

MSF Console

Auxiliary

Exploits

Payload

Meterpreter -Reverse shell-Bind shell

VAPT_TRAINING