Mode of session
- 15 to 20 hours of interactive online sessions, one hour per day
Benefits from Quality Learning
- One year of access to recorded videos
- Online help, even after end of the course
Course Fee: $300 USD
What you will learn (Course Content)
Module 1: Introduction to Security Testing
- Why Security Testing? Brief history and Examples
- Career opportunities and Skill Development
Module 2. HTTP and HTTPS Protocol Basics
- Header and Body
- Requests
- Responses – Status Codes
- How different from HTTP
- SSL and Set up
- Limitation
Module 3. Encoding vs Encryption
- Introduction
- Charsets
- Charset Vs Charset Encoding
- URL Encoding
- HTML Encoding
- Base 64
- Cryptography and Password Cracking
Module 4. Same Origin
- Introduction to Same Origin
- How SOP Works
- What does SOP Protect from?
- Examples and Exceptions
Module 5. Cookies
- Introduction
- Use of Cookies
- Types of Cookies
Module 6. Penetration Testing Process
- Introduction
- Threat Modelling
- Methodologies
- PTES
- OSSTMM
- OWASP Testing Techniques
Module 7. The Basic CIA Triad
- Authentication
- Authorization
- Confidentiality
- Integrity
- Non Repudiation/Accountability
- Availability
Module 8. Web application proxy usage Lab Session
- What is Proxy Server? How it works
- Burp Suite Configuration
- Understanding the HTTP Request and Response using Burp Suite
- HTTP Splitting
- Information Gathering
Module 9. Understanding OWASP Top 10 Security Threats
- Injection
- Weak authentication and session management
- XSS
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross Site Request Forgery
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
Module 10. Hands On Sessions
- Access Control Flaws
- Bypass a Path Based Access Control Scheme
- Role Based Access Control
- Remote Admin Access
- AJAX Security
- Authentication Flaws
- Various authentication flaws
- Forgot Password Exercises
- Buffer Overflows
- Concurrency
- Thread safety Issues
- Handling Concurrency Flaws
- Cross-Site Scripting (XSS)
- Stored XSS Attacks
- Reflected XSS
- Cross Site Request Forgery
- CSRF Prompt and Token Bypass
- Improper Error Handling
- Injection Flaws
- SQL Injection
- XPath Injection
- Denial of Service
- Insecure Communication
- Insecure Configuration
- Insecure Storage
- Malicious Execution
- Parameter Tampering
- Hidden Variables
- URLs
- Form Data
- Session Management Flaws
- Session Hijacking
- Session Fixation
- Cookie Spoofing
- Advanced Web Attacks – Web Services
- WSDL Scanning
- Web Services – SAX
Module 11. Web Services Flaws
- What are web services and Flaws around Web Services
- Web Services – SAX Injection
- Web Services – SQL Injection
Module 12. Using Security Testing Tools – Open Source and Commercial
Module 13. Challenge Round – Perform Penetration Testing on a given sample Application
Watch Orientation Session
If you have any questions, please drop an email to contact@qualitylearning.in to know more.