Penetration Testing

Penetration Testing is a testing technique to determine if an information system protects data and maintains functionality as intended. It also aims at verifying 6 basic principles as listed below:
.   Confidentiality
.   Integrity
.   Authentication
.   Authorization
.   Availability
.   Non-repudiation

Penetration Testing Course Syllabus: Penetration Testing Course Content
Chapter
1. Introduction to Penetration Testing
• Why Penetration Testing? Brief history and Examples
• Career opportunities and Skill Development
Chapter 2. Http Protocol Basics
• Header and Body
• Requests
• Responses — Status Codes
Chapter 3. How https works
• How different from Http
• SSL and Set up
• Limitation
Chapter 4. Encoding
• Introduction
• Charsets
• Charset Vs Charset Encoding
• UAL Encoding
• HTML Encoding
• Base 64
Chapter 5. Same Origin
• Introduction to Same Origin
• How SOP Works
• What does SOP Protect from?
• Examples and Exceptions
Chapter 6. Cookies
• Introduction
• Use of Cookies
• Types of Cookies
Chapter 7. Penetration Testing Process
• Introduction
• Threat Modeling
• Methodologies
• PTES
• OSSTMM
• OWASP Testing Techniques
Chapter 8. The Basic CIA Triad
• Authentication
• Authorization
• Confidentiality
• Integrity
• Non-Repudiation/Accountability
• Availability
Chapter 9. Web application proxy — usage — Lab Session:
• What is Proxy Server? How it works
• Burp Suite Configuration
• Understanding the Http Request and Response using Burp Suite
• Http Splitting
• Cryptography and Password Cracking
• Information Gathering
Chapter 10.Understanding OWASP Top 10 Security Threats:
• Injection
• Broken Authentication and Session Management
• Cross-Site Scripting (MS)
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function Level Access Control
• Cross-Site Request Forgery (CSRF)
• Using Known Vulnerable Components
• Missing Function Level Access Control
• Cross-Site Request Forgery (CSRF)
• Using Known Vulnerable Components
• Unvalidated Redirects and Forwards
Chapter 11.Hands on — Sessions:
• Access Control Flaws
• Bypass a Path Based Access Control Scheme
• Role Based Access Control
• Remote Admin Access
• AJAX Security
• Authentication Flaws
• Various authentication flaws
• Forgot Password Exercises
• Buffer Overflows
• Concurrency
• Thread safety Issues
• Handling Concurrency Flaws
• Cross-Site Scripting (MS)
• Stored XSS Attacks
• Reflected XSS
• Cross Site Request Forgery
• CSRF — Prompt and Token ByPass
• Improper Error Handling
• Injection Flaws
• SQL Injection
• Xpath Injection
• Denial of Service
• Insecure Communication
• Insecure Configuration
• Insecure Storage
• Malicious Execution
• Parameter Tampering
• Hidden Variables
• URL s
• Form Data
• Session Management Flaws
• Hidden Variables
• URLs
• Form Data
• Session Management Flaws
• Session Hijacking
• Session Fixation
• Cookie Spoofing
• Advanced Web Attacks — Web Services
• WSDL Scanning
• Web Services — SAX
Injection
• Web Services — SQL Injection

Last modified: Wednesday, 10 August 2016, 11:15 PM