Web Penetration Testing & Bug Hunting

Description:

This comprehensive 3 day training on Web Penetration Testing and Bug Hunting is designed to equip participants with the knowledge and skills required to identify and exploit security vulnerabilities in web applications and mobile platforms. It covers the fundamentals of penetration testing, including the stages of testing, an overview of hacking, and an introduction to essential tools and lab setups. The curriculum also delves into OWASP Top 10 vulnerabilities, advanced bug hunting techniques, and detailed web and mobile application penetration testing methodologies. Additionally, the course includes modules on network penetration testing and best practices for creating detailed security reports.

Duration: 3 Days

Course Code: BDT348

Learning Objectives

• Understand the Fundamentals of Penetration Testing
• Gain Proficiency with Essential Tools like Burp Suite, Nessus, and Kali Linux, including setting up a lab environment for practical testing.
• Master OWASP Top 10 Vulnerabilities
• Develop Advanced Bug Hunting Skills
• Perform Comprehensive Penetration Testing

• Basic Knowledge of Networking
• Familiarity with Web Technologies:
• Basic Programming Skills preferably in Python.
• Operating System Proficiency

This course is suitable for:

• Aspiring Cyber Security Professionals
• IT Security Specialists
• Software Developers and QA Engineers
• Network Administrators

This course is suitable for:

• Aspiring Cyber Security Professionals
• IT Security Specialists
• Software Developers and QA Engineers
• Network Administrators

Course Outline:

Module 1: Introduction of Penetration Testing

• What is Penetration Testing?
• Penetration Testing Stages
• Overview of Hackers
• Overview of WAPT
• Opportunity in Cyber Security or Penetration Testing

Module 2: Overview of Tools and Lab Installation

• Burp suite
• Nessus
• Kali Linux
• Setup Kali Linux
• Setup Metasploitable 2.0
• Some reconnaissance tools

Module 3: OWASP Overview

• OWASP Top 10 2021
• OWASP Top 10 2017
• Basic vulnerabilities overview

Module 4: Bug Hunting

• Bug Hunting Tools
• How to find the subdomains
• How to find the PII
• How to find the end points
• How to search PII on GitHub

Module 5: Web Application Penetration Testing

• Insecure Direct Object Reference
• EXIF Geolocation data
• Host Header Attack
• No Rate Limit
• Insecure HTTP Method
• File Upload vulnerability
• 2FA Bypass
• CORS
• XSS
• CSRF
• Web Cache Deception
• SSRF
• Authentication Testing
• SQL Injection

Module 6: Mobile Penetration testing

• Mobile PT overview
• Lab Setup
• Overview of Frida & Objection
• Extraction of apk file
• SSL pinning bypass
• Some example attack
• Static Testing using Mobsf

Module 7: Network Penetration

• Nessus Scan
• Check for manual scan
• Metasploit

Module 8: Reporting

• How to create report
• How to Submit a Bug Report