Web Application Penetration Testing

WAPT-Level 1

Penetration Testing of Web Applications

Course Description

Penetration testing of web applications is the security testing procedure for finding vulnerabilities in websites and web applications. These vulnerabilities leave websites open to exploitation. Most corporate applications and critical business processes are nowadays placed on the web, and web applications have become a major point of vulnerability. Security holes in web applications have resulted in the theft of multiple types of financial data, reputational damage for enterprises, and even the compromise of thousands of web-based transactions altered by hackers.

Online applications have become incredibly insecure. Hackers use web applications to penetrate an organization's network and gain access to confidential databases. The demand for Web Application Penetration Testers is definitely increasing with the number of web defacement incidents throughout the world. Most organizations in the software industry, security enterprises, and the government and private sectors are hiring Web Application Penetration Testers today.

Course Topics

  • Introducing Web Application
  • Core Defense Mechanism
  • Web Application Technologies and Protocols
  • Mapping the Application
  • Enumerating Content
  • Analyzing the Application
  • Bypassing Client-Side Controls
  • Mapping the Attack Surface
  • Hidden form fields & threats
  • Attacking Authentication
  • Attacking Session Management
  • Web 2.0 Security
  • Hacking Web Services
  • Threat Modeling: Application Security Control
  • Injecting code
  • SQL Injection
  • Cross Site Scripting (XSS)
  • CSRF With Hijacks
  • Hijacking the Browser
  • Controlling Zombies
  • Attacking Webserver
  • Web Server Exploits
  • Hardening Webserver
  • Source code vulnerabilities: Java, ASP.NET, Perl, JavaScript
  • Web Application Hacker's Toolkit

WAPT-Level 2

Penetration Testing of Cloud-based Web Applications (SaaS and PaaS)

Course Description

WAPT-Level 2 requires knowledge of WAPT-Level 1, along with the concepts of Web Application Technologies, DBMS and Networking. It focuses heavily on the vulnerability assessment of SaaS and PaaS systems, and on performing VA and PT on them. The tool used for this course will be Burp, as it is the only tool which allows scanning cloud-based systems pseudo-manually. The Burp Suite and its different modules will be used intensively and in depth, along with fine-tuning, in this course.

Course Topics

  • Introduction to Cloud Computing
  • What is SaaS and PaaS
  • Concepts of Web 2.0 and Technologies in use
  • Inherent vulnerabilities in Cloud systems
  • Application logic flaws and their identification (manual)
  • Server-side logic flaws and their identification (manual)
  • Introduction to Burp Suite
  • Advanced usage of Burp and its modules (includes fine-tuning scans, using Intruder, Sequencer and other modules etc.)
  • Testing Cloud systems using Burp
  • Testing Application logic using Burp
  • Exploitation and Confirmation of vulnerabilities using Burp