Web Penetration Testing - WPT

Course Prerequisite(s)

Please note that this course has the following prerequisites which must be completed before it can be accessed
OWASP TOP 10

About Course

Web Penetration Testing (Web Pentesting) involves a comprehensive evaluation of web applications to identify security vulnerabilities that could be exploited by attackers. It includes methods such as automated scanning and manual testing to uncover issues like SQL injection, cross-site scripting (XSS), and insecure configurations. The process aims to simulate real-world attack scenarios, providing detailed insights into potential risks and weaknesses. Ultimately, Web Pentesting helps organizations secure their web applications by addressing vulnerabilities before they can be exploited maliciously.

Course Content

Introduction to web penetration testing

Overview of penetration testing
00:00
penetration testing
00:00
importance of pen testing
00:00
Types of penetration testing
00:00
Ethical Hacking concepts
00:00
White Hat vs. Black Hat vs. Gray Hat
00:00
Legal Considerations and Compliance
00:00
Code of conduct
00:00

Web Application Basics

Authentication and Access Control

Information Gathering and Reconnaissance

Identifying And exploiting Common web vulnerabilities

Hands -on Labs and Real -World Scenarios

Final Project

Final Exam

Student Ratings & Reviews

No Review Yet

Course Prerequisite(s)

About Course

Course Content

Introduction to web penetration testing

Overview of penetration testing

penetration testing

importance of pen testing

Types of penetration testing

Ethical Hacking concepts

White Hat vs. Black Hat vs. Gray Hat

Legal Considerations and Compliance

Code of conduct

Web Application Basics

Web Application Architecture

Client-server Model

HTTP/HTTPS protocols

Common Web Technologies (HTML, CSS, JavaScript)

Introduction to web servers and databases

Web servers(Apache, Nginx)

Databases (SQl, NoSQL)

Setting up the Testing environment

Building Lab Environment with virtual Machines and networks

Installing and configuring Testing Tools

Penetration testing Frameworks and tools

OWASP ZAP

Burpsuite

Metasploit Framework

Nmap

Authentication and Access Control

Introduction to Authentication

Bruteforce Attacks through walkthrough

Session Tokens and sequencer through walkthrough

Multi factor Authentication through walkthrough

Access Control

Information Gathering and Reconnaissance

Passive Information Gathering

WHOIS Lookups

DNS Enumeration

Google Dorking

Active Information Gathering

Port Scanning

Banner Grabbing

vulnerability Scanning

Identifying And exploiting Common web vulnerabilities

Introduction

Lab Setup (with instructions)

SQL injection – Introduction

SQL injection – UNION

SQL injection- Blind part 1

SQL injection- Blind part 2

SQL injection – Challenge Walkthrough

Cross -site scripting (XSS)

Reflected XSS

Stored XSS

DOM Based XSS

XSS Challenge walkthrough

Command Injection – Introduction

Command Injection – Basics

Command Injection – Blind / out-of- Band

Command Injection – challenge walkthrough

Insecure File Upload -Introduction

Insecure File Upload -Basics Bypass

Insecure File upload – Magic Bytes

Insecure File upload- Challenge walkthrough

Attacking Authentication-Introduction

Attacking Authentication-Bruteforce

Attacking Authentication-MFA

Attacking Authentication -Challenge Walkthrough

Server-side Request Forgery (SSRF)

Introduction to SSRF

Walkthrough

Blind -SSRF

Walkthrough

Cross-site Request Forgery (CSRF)

Introduction to CSRF

Walkthrough

XXE (XML External Entity Injection)

introduction to XXE

Common XXE Attacks

Walkthrough