- Advanced Web Application Penetration Test Training
Curriculum
- 5 Sections
- 39 Lessons
- 5 Days
- 1. Day | General Knowledge and History of HTTP (12 lessons)
- 1.1 Multi-Factor Authentication (MFA)
- 1.2 Session Analysis
- 1.3 HTTP Authentication
- 1.4 Secure TLS Configuration
- 1.5 Transport Layer Security (TLS, SSL)
- 1.6 HTTP Strict Transport Security (HSTS)
- 1.7 HTTP/2 and Its Differences
- 1.8 Security-Related HTTP Headers
- 1.9 Same Origin Policy (SOP)
- 1.10 Cross-Origin Resource Sharing (CORS)
- 1.11 Content Security Policy (CSP)
- 1.12 Subresource Integrity (SRI)
- 2. Day | Testing Methodologies (7 lessons)
- 3. Day | OWASP TOP 10 (10 lessons)
- 3.1 A10-Unvalidated Redirects and Forwards?
- 3.2 A8-Cross-Site Request Forgery (CSRF)?
- 3.3 A7-Missing Function Level Access Control?
- 3.4 A5-Security Misconfiguration?
- 3.5 A6-Sensitive Data Exposure?
- 3.6 A4-Insecure Direct Object References?
- 3.7 A1-Injection?
- 3.8 A3-Cross-Site Scripting (XSS)?
- 3.9 A2-Broken Authentication and Session Management?
- 3.10 A9-Using Components with Known Vulnerabilities?
- 4. Day | Practical Exercises – Part I (5 lessons)
- 5. Day | Practical Exercises – Part II (5 lessons)
- 5.1 A10-Unvalidated Redirects and Forwards practical exercises
- 5.2 A9-Using Components with Known Vulnerabilities practical exercises
- 5.3 A8-Cross-Site Request Forgery (CSRF) practical exercises
- 5.4 A7-Missing Function Level Access Control practical exercises
- 5.5 A6-Sensitive Data Exposure practical exercises
A7-Missing Function Level Access Control practical exercises

