Penetration Testing Web Application - Web Application (In) Security
The document outlines a penetration testing training course covering web application security over 9 sessions totaling 30 hours. The sessions will cover identifying and exploiting common web vulnerabilities like SQL injection, cross-site scripting, session hijacking, file inclusion, web services issues, and attacks on web servers, caching servers, HTML5 applications, and Android apps. Attendees will learn about security risks, penetration testing techniques, and how to use tools to conduct hands-on exercises attacking sample web applications.
Penetration Testing Web Application/Web Application (In) Security
Session-1 (Setting the stage) Duration 4 hours
Web application security risks/(in)securities
Myth of web application security and reality
Security Assessment vs. Penetration Testing
OWASP Testing Framework
OWASP Top 10 Web Application Security Risks for 2013
Basic HTTP and HTTPS protocols
Information gathering on the target
Familiarity with some tools needed for the rest of the course
Web browser security models
XSS (Cross-site scripting): how, why, mitigation
CSRF (Cross-site request forgery)
LDAP (injection)
SSI (Server-side include)
OS Commanding
Session-4 (Who take my session) Duration 4 hours
Session (*)ing
HTTP verb tampering
Web shell/backdo0r
RFI/LFI
Session-5 (SOA oops) Duration 4 hours
Web service OPPs
Attacking WCF
XML injection
XPath injection
Ajax (in) security
Session-6 (Web 2.0 angels) Duration 2 hours
Flash Security Model
Attacking RIA
HTTP DDoS
Automated tools
Session-7 (Let's make it down) Duration 2 hours
(In) Security in web servers: IIS, Apache, Tomcat
Caching servers (In) Security
Memcached
Redis
Session-8 Duration 2 hours
HTML5 Attack Vectors
Session-9 Duration 4 hours
Android application pentesting