Tutelr Infosec Private Limited
Certification in Web App Penetration Testing
IT & Software (Computer Science & IT)
Location: Chennai
Duration: 3 Months
Regular / Offline
Average Fees: ₹ 82000
Highlights
Web applications play a vital role in every modern organization. However, if your organization doesn’t properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken impression that a web application security scanner will reliably discover flaws in their systems.
Syllabus
Module Description
SECTION 1: Introduction and Information Gathering
TOPICS: Overview of the Web from a Penetration Tester’s Perspective; Web Application Assessment Methodologies; The Penetration Tester’s Toolkit; WHOIS and DNS Reconnaissance; Virtual Host Discovery; Open Source Intelligence (OSINT); The HTTP Protocol; Secure Sockets Layer (SSL) Configurations and Weaknesses; Interception Proxies; Proxying SSL Through BurpSuite Pro and Zed Attack Proxy
SECTION 2: Content Discovery, Authentication, and Session Testing
TOPICS: Logging and Monitoring; Learning Tools to Spider a Website; Analyzing Website Content; Brute Forcing Unlinked Files and Directories via ZAP and ffuf; Web Authentication Mechanisms; Fuzzing with Burp Intruder; Username Harvesting and Password Guessing; Burp Sequencer; Session Management and Attacks; Authentication and Authorization Bypass; Mutillidae
SECTION 3: Injection and XXE
TOPICS: Command Injection; Directory Traversal; Local File Inclusion (LFI); Remote File Inclusion (RFI); Insecure Deserialization; SQL Injection; Blind SQL Injection; Error Based SQL Injection; Exploiting SQL Injection; SQL Injection Tools: sqlmap; XML External Entity (XXE)
SECTION 4: XXE
TOPICS: Cross-Site Scripting (XSS); Browser Exploitation Framework (BeEF); AJAX; XML and JSON; Document Object Model (DOM); API attacks; Data Attacks; REST and SOAP
SECTION 5: CSRF, Logic Flaws, and Advanced Tools
TOPICS: Cross-Site Request Forgery (CSRF); Logic Attacks; Python for Web App Penetration Testing; WPScan; ExploitDB; BurpSuite Pro scanner; Metasploit; When Tools Fail; Business of Penetration Testing
SECTION 6: Capture the Flag
During Section 6, students form teams and compete in a web application penetration testing tournament. This NetWars-powered Capture-the-Flag exercise gives students an opportunity to use their newly developed or further honed skills to answer questions, complete missions, and exfiltrate data, applying skills gained throughout the course. The style of challenge and the integrated hint system allow students of various skill levels to both enjoy a game environment and solidify the skills learned in class.