Web Penetration Testing
Web Penetration Testing
A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).
Hacksudo Web penetration Testing
Course Content
Introduction of Web Penetration testing and Bug hunting
○ Passive Information Gathering
• Google Hacking
• Netcraft
• Email Harvesting
• Website Recon
• Recon-ng
○ Active Information Gathering
• DNS Enumeration
• Nmap Port Scanning
• SMB Enumeration
• SMB Enumeration
• Vulnerability Scanning with Nessus
• Vulnerability Scanning with Nmap
○ Online Password Cracking
• hydra password attack SSH Attack
• Medusa Attack
• burpsuit password attack
○ Offline Password Cracking
• hashcat
• john the ripper
• HTML Injection
• iFrame Injection
• LDAP Injection ( search )
• OS Command Injection
• SQL Injection
• XPATH Injection
• Broken Authentication
• Session Management
• Reflected
• Stored
• Insecure DOR ( change Secret )
• Insecure DOR ( Reset Secret )
• Insecure DOR ( Order Tickets )
• Arbitrary File Access
• Cross Domain Policy File
• Insecure FTP Configuration
• Insecure WebDAV Configuration
• base64 Encoding (secret)
• Beast/Crime/Breach Attack
• Clear Text HTTP ( credentials)
• Heartbleed Vulnerability
• HTML Web Storage (Secret)
• Change Password
• Change Secret
• Transfer Amount
• Buffer Overflow ( Local/Remote )
• Drupal SQL Injection
• PHP CGI Remote Code Execution
• Shellshock Vulnerability (CGI)
• NC Reverse Shell & Bind Shell
• pwncat
• Pentestmonkey
• Socat
• FTP
• SCP
• wget
• metasploit basic
• payload & exploit
• Abusing Sudo Rights
• SUID Bit
• Kernal Exploit
• Path Variable
• Crontab
• capabilities
• writable /etc/passwd file
• buffer overflow
• docker
hacksudo - web penetration testing
enroll now
call – +91 7666605280 | email – info@hacksudo.com