Certification in Web App Penetration Testing Syllabus at Tutelr Infosec Private Limited, Chennai

Frequently Asked Questions

Syllabus 

Module Description 

SECTION 1: Introduction and Information Gathering

TOPICS: Overview of the Web from a Penetration Tester’s Perspective; Web Application Assessment Methodologies; The Penetration Tester’s Toolkit; WHOIS and DNS Reconnaissance; Virtual Host Discovery; Open Source Intelligence (OSINT); The HTTP Protocol; Secure Sockets Layer (SSL) Configurations and Weaknesses; Interception Proxies; Proxying SSL Through BurpSuite Pro and Zed Attack proxy

SECTION 2: Content Discovery, Authentication, and Session Testing

TOPICS: Logging and Monitoring; Learning Tools to Spider a Website; Analyzing Website Content; Brute Forcing Unlinked Files and Directories via ZAP and ffuf; Web Authentication Mechanisms; Fuzzing with Burp Intruder; Username Harvesting and Password Guessing; Burp Sequencer; Session Management and Attacks; Authentication and Authorization Bypass; Mutillidae

SECTION 3: Injection AND XXE

TOPICS: Command Injection; Directory Traversal; Local File Inclusion (LFI); Remote File Inclusion (RFI); Insecure Deserialization; SQL Injection; Blind SQL Injection; Error Based SQL Injection; Exploiting SQL Injection; SQL Injection Tools: sqlmap; XML External Entity (XXE)

SECTION 4: XXE

TOPICS: Cross-Site Scripting (XSS); Browser Exploitation Framework (BeEF); AJAX; XML and JSON; Document Object Model (DOM); API attacks; Data Attacks; REST and SOAP

SECTION 5: CSRF, Logic Flaws, and Advanced Tools 

TOPICS: Cross-Site Request Forgery (CSRF); Logic Attacks; Python for Web App Penetration Testing; WPScan; ExploitDB; BurpSuite Pro scanner; Metasploit; When Tools Fail; Business of Penetration Testing

SECTION 6: Capture the Flag During Section 6, students form teams and compete in a web application penetration testing tournament. This NetWars-powered Capture-the-Flag exercise provides students an opportunity to wield their newly developed or further honed skills to answer questions, complete missions, and exfiltrate data, applying skills gained throughout the course. The style of challenge and integrated hint system allows students of various skill levels to both enjoy a game environment and solidify the skills learned in class.

How Promilo Works for Students

College Search Made Easy, Find the Right College for You in Minutes, Not Months!

Search your Career Goal

Discover courses, internships, and jobs that sync with your goals.

Register for Free

Get access to premium features and connect directly with experts. You're all set!

Book a Free Meeting

Schedule a free online meeting or talk to experts Jump into a meeting with pro-experts. We got you!

Stack Up Rewards

Your time is valuable, and we appreciate every moment you spend with us. That's why we continue to reward you for your engagement.