Web Penetration Testing

A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).

Hacksudo Web penetration Testing


Course Content

Introduction of Web Penetration testing and Bug hunting

○ Passive Information Gathering

• Google Hacking

• Netcraft

• Email Harvesting

• Website Recon

• Recon-ng

○ Active Information Gathering

• DNS Enumeration

• Nmap Port Scanning

• SMB Enumeration

• SMB Enumeration

• Vulnerability Scanning with Nessus

• Vulnerability Scanning with Nmap

○ Online Password Cracking

  • hydra password attack SSH Attack 

  • Medusa Attack

  • burpsuit password attack 

○  Offline Password Cracking

  • hashcat

  • john the ripper

 

• HTML Injection

• iFrame Injection

• LDAP Injection ( search )

• OS Command Injection

• SQL Injection

• XPATH Injection

• Broken Authentication 

• Session Management

  • Reflected

  • Stored

• Insecure DOR ( change Secret )

• Insecure DOR ( Reset Secret )

• Insecure DOR ( Order Tickets )

  • Arbitrary File Access

  • Cross Domain Policy File

  • Insecure  FTP Configuration

  • Insecure WebDAV Configuration

 

• base64 Encoding (secret)

• Beast/Crime/Breach Attack

• Clear Text HTTP ( credentials)

• Heartbleed Vulnerability

• HTML Web Storage (Secret)

• Change Password

• Change Secret

• Transfer Amount

• Buffer Overflow ( Local/Remote )

• Drupal SQL Injection

• PHP CGI Remote Code Execution

• Shellshock Vulnerability (CGI)

• NC Reverse Shell & Bind Shell

• pwncat

• Pentestmonkey

• Socat

• FTP

• SCP

• wget

• metasploit basic

• payload & exploit

• Abusing Sudo Rights

• SUID Bit

• Kernal Exploit

• Path Variable

• Crontab

• capabilities

• writable /etc/passwd file

• buffer overflow

• docker

hacksudo - web penetration testing

enroll now

call – +91 7666605280 | email – info@hacksudo.com