Web Application Penetration Testing (WAPT)
WAPT (Web Application Penetration Testing) involves ethical hackers assessing web application security by simulating attacks. The objective is to find and fix vulnerabilities before malicious actors exploit them.
Web Application Testing (WAPT)
Web app penetration testing is about finding and exploiting web application vulnerabilities to assess security and enhance protection.
What you'll learn
- Understanding Security Protocols
- Penetration Testing Techniques
- Ethical Hacking Tools
- Incident Response and Reporting
- Legal and Ethical Aspects
✔ 1.1: Kali Linux Overview
✔ 1.2: Installing VMWare / Kali Linux
✔ 1.3: Navigating the File System
✔ 1.4: Users and Privileges
✔ 1.5: Repositories & Settings
✔ 1.6: Common Network Commands
✔ 1.7: Viewing, Creating, and Editing Files
✔ 1.8: Starting and Stopping Services
✔ 1.9: Installing and Updating Tools
✔ 2.1: Networking Concepts
✔ 2.2: Networking Devices, Protocols and Services, and Tools
✔ 2.3: OSI Model & TCP/IP Model, IP & MAC Addresses. Static & Dynamic IP
✔ 2.4: Port Forwarding & Protocols: DNS, SSH, FTP, TELNET, HTTP, SSL, POP, SMB, RDP
✔ 2.5: VPN & Proxies IP Addresses, VPS Server
✔ 3.1: Types of Testing
✔ 3.2: White Box, Black Box, and Grey Box Testing
✔ 3.3: Networking and Protocol
✔ 3.4: HTTP & HTTPS
✔ 4.1: Briefing About Various Frameworks
✔ 4.2: Explaining the OWASP Top 10
✔ 5.1: Subdomains Enumeration
✔ 5.2: Domains Filtration
✔ 5.3: Endpoints Enumeration
✔ 5.4: Grepping Responses
✔ 6.1: Union-Based SQLi
✔ 6.2: Error-Based SQLi
✔ 6.3: Time-Based SQLi
✔ 6.4: In-band and Out-of-band SQLi
✔ 6.5: Create Our Own Script to Automate the Process of Blind SQLi
✔ 7.1: DVWA Source Code Review
✔ 7.2: PHP Command Injection with Various Functions
✔ 7.3: Filter Bypass
✔ 8.1: Cookie Hijacking
✔ 8.2: HSTS Policy Bypass
✔ 9.1: Protection Bypass
✔ 10.1: Filter Bypass
✔ 10.2: Server-Side Configuration Check
✔ 12.1: Explaining JavaScript
✔ 12.2: Reflected JavaScript
✔ 12.3: Stored JavaScript
✔ 12.4: DOM-Based JavaScript
✔ 13.1: UUID Protection
✔ 14.1: Git Source Code Disclosure
✔ 14.2: Client-Side Source Code Review
✔ 15.1: Template Engine Explaining
✔ 15.2: Template Engine Explaining
✔ 16.1: Brute-Force Attacks
✔ 16.2: Creating Wordlists
✔ 16.3: Logic Errors Bypass
✔ 17.1: Explaining HTTP/1.1 and HTTP/2
✔ 17.2: CL-TE Attack
✔ 17.3: TE-CL Attack
✔ 17.4: TE-TE Attack
✔ 18.1: Whitelisting and Blacklisting
✔ 18.2: Bypassing Blacklisting
✔ 18.3: Brief on Regex
✔ 19.1: Traversal Payload
✔ 19.2: Bypass WAF
✔ 19.3: Reading and Inclusion Difference
✔ 20.1: Path Traversal Payload to Read the File
✔ 21.1: Explaining HTML Web Page
✔ 21.2: Reflected HTML Injection
✔ 21.3: Stored HTML Injection
✔ 22.1: Apache Config Brief
✔ 22.2: Host Header Explaining
✔ 23.1: POST Method Explain
✔ 23.2: Encoded POST Method
✔ 23.3: Various Headers Related to File Upload
✔ 24.1: JWT Tokens Algorithms
✔ 24.2: Brute Force on HS256 Algo
✔ 24.3: Logic Error Bypass
✔ 25.1: XXE Vulnerability to Cause DoS
✔ 26.1: POC (Proof of Concept)
✔ 26.2: Executive and Management Report
✔ 26.3: Technical Report for IT and Security Department