Web Application Penetration Testing

Transcription

1 Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate websites and web applications. These vulnerabilities leave websites open to exploitation. The Web Application Penetration Testing course from CODEC Networks is a totally hands-on learning experience. From the first day to the last day, you will learn the ins and outs of Web App Pen Testing by attending thought provoking lectures led by an expert instructor. Every lecture is directly followed up by a comprehensive lab exercise (we also set up and provide lab workstations so you don't waste valuable class time installing tools and apps). Globally with the rising number of incidents of web defacement, the scope of Web Application penetration Tester is definitely rising. Today Web Application Penetration Testers are in very high demand in software companies, IT security firms, Government and Private Sectors etc. By the end of the course, you should be able to meet the following objectives: An understanding of advanced web penetration techniques Skills to test and exploit specific target environments such as content management systems and infrastructure applications Understanding of encryption and its usage within web applications Methods to recognize and bypass application, platform, and WAF defences Skills to test and evaluate web services used in an enterprise Understanding how to test backend services for mobile applications Target Audience Prior to enrolling in our authorized WAPT, candidates must have basic knowledge of: JAVA or.net or PHP Knowledge of Database Programming Knowledge of HTML & Java-script Those who successfully completed this training have pursue his/her career as a Web Pen tester, Web security analyst/consultant, Web Application security analyst. Course Duration: 24 Hours

2 Course Content Introduction o Introduction to the course. o How to get most out of the course o Resources you will need for the course o What is WAPT? Introduction to Web-application o What is web application? o History of Web-Applications o Existing problems and challenges in present web applications o Overview of web application defences Basics o How a web application works o Architecture of web applications o Basics of HTML, CSS and Javascript o Basics of any server-side language (PHP/J2EE/ASP.NET) HTTP Protocol o Overview of RFC 2616 o HTTP Messages & Entities o HTTP Request, HTTP Response o HTTP Status Codes o Various types of encoding schemes Web servers and clients o IIS Server, Apache Server and Other Servers o Browsers o Browser s same origin policy o Other Web enabled Clients Server-side and Client-side security controls o Input Validation &Output validation (encoding) o Insufficient input & output validations o Validation approaches o Bypass thin/thick(decompile) client validations o Leveraging Ajax and web 2.0 in attacks o Bypass Server-side validations Mastering Burp suite o Introduction to burp suite o Configuring burp suite o Burp proxy, Burp Spider, Burp Intruder, Burp Repeater, Burp Sequencer

3 Injections o SQL Injection, Blind SQL Injection, Command Injection, LDAP Injection, XPATH Injection, SOAP Injection o Other Injections o Implications of Injections o Test methodology for injections Cross-site Scripting o Reflected XSS, Stored XSS, DOM XSS o Implications of XSS o Test Methodology for XSS Cross-site Request Forgery o CSRF with GET method o CSRF with POST method o Implications of CSRF o Test methodology for CSRF Authentication testing o Guessable Passwords o Failure Messages o Brute forcing login o Plain text password transmission o Improper implementation of forgot password functionality o Remember Me Functionality o Guessable User names o Multi factor authentication flaws o Fail-Open Login Mechanisms o Insecure Storage of Credentials Authorization testing o Introduction to authorization o Implementation weaknesses in authorization o Horizontal privilege escalation o Vertical privilege escalation o URL, Form, cookie based escalation Types of web application security testing o Black box testing,white box testing&grey box testing o Vulnerability Assessment vs Penetration testing o Web application penetration test scope and process o Legalities of the VAPT

4 Reconnaissance o Foot printing Domain details (whois) - Technicalinfo.net o OS and Service fingerprinting Netcraft.com, Banner grabbing, HTTPprint o Google hacking o Load balancer Identification o Spidering a web site (wget, Burp spider) o Application flow charting o Relationship analysis within an application o Software configuration discovery SSL & Configuration testing o Testing SSL / TLS cipher o Testing SSL certificate validity client and server o Infrastructure and Application Admin Interfaces o Testing for HTTP Methods and XST o Testing for file extensions handling o Old, Backup and Unreferenced Files o Application Configuration Management Testing Session Management testing o Need for session and state o Ways to implement state o How session state work o What are cookies o Common Cookies and Session Issues o Man in the middle Brute force web applications o Brute force authentication, Brute force Authorization, Brute force web services, Brute force web server, Brute force.htaccess Parameter Manipulation o Query string manipulation, Form field manipulation, Cookie manipulation, HTTP header manipulation Other Attacks o Sniffing, Phishing &Vishing o D(D)OS Attacks o Invalidated Redirects and Forwards Samurai WTF o Introduction to Samurai WTF o Various Tools in Samurai WTF o Nikto, w3af, BeEF Framework, Fuzzing and JBroFuzz, DirBuster, Netcat, Brutus and Hydra o Overview of various Proxies (zed, rat, paros, webscarab)

5 Firefox security Add-ons o Tamper Data o SQL inject me o XSS me o Firebug o Live HTTP headers o Foxy Proxy o Web Developer Automated Scanners o Acunetix, IBM App Scan, Burp Scanner o Effectiveness of Automated tools o Reduction of False positives and false Negatives VAPT Methodologies o OWASP, SANS 25, WAHH, OWASP Check-list Reporting o Importance of documentation o OWASP Risk rating methodology o Creating managerial, technical VAPT reports o Open reporting standards