Web-Application-Penetration-Testing

Web Application Penetration Testing (WAPT)

Course Overview

Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate websites and web applications. These vulnerabilities leave websites open to exploitation. The Web Application Penetration Testing course from CODEC Networks is a totally hands-on learning experience. From the first day to the last day, you will learn the ins and outs of Web App Pen Testing by attending thought provoking lectures led by an expert instructor.

Every lecture is directly followed up by a comprehensive lab exercise (we also set up and provide lab workstations so you don't waste valuable class time installing tools and apps). Globally with the rising number of incidents of web defacement, the scope of Web Application penetration Tester is definitely rising. Today Web Application Penetration Testers are in very high demand in software companies, IT security firms, Government and Private Sectors etc.

By the end of the course, you should be able to meet the following objectives:

  • An understanding of advanced web penetration techniques
  • Skills to test and exploit specific target environments such as content management systems and infrastructure applications
  • Understanding of encryption and its usage within web applications
  • Methods to recognize and bypass application, platform, and WAF defences
  • Skills to test and evaluate web services used in an enterprise
  • Understanding how to test backend services for mobile applications

Target Audience

This course is suited for those candidates who want to pursue his/her career as a Web Penetration tester, Web security analyst/consultant, Web Application security analyst.

Course Duration

  • 40 Hours.

Course Content / Outline

Introduction

  • Introduction to the course.
  • How to get most out of the course
  • Resources you will need for the course
  • What is WAPT?

Introduction to Web-application

  • What is web application?
  • History of Web-Applications
  • Existing problems and challenges in present web applications
  • Overview of web application defences

Basics

  • How a web application works
  • Architecture of web applications
  • Basics of HTML, CSS and Javascript
  • Basics of any server-side language (PHP/J2EE/ASP.NET)

HTTP Protocol

  • Overview of RFC 2616
  • HTTP Messages & Entities
  • HTTP Request, HTTP Response
  • HTTP Status Codes
  • Various types of encoding schemes

Web servers and clients

  • IIS Server, Apache Server and Other Servers
  • Browsers
  • Browser’s same origin policy
  • Other Web enabled Clients

Server-side and Client-side security controls

  • Input Validation & Output validation (encoding)
  • Insufficient input & output validations
  • Validation approaches
  • Bypass thin/thick(decompile) client validations
  • Leveraging Ajax and web 2.0 in attacks
  • Bypass Server-side validations

Mastering Burp suite

  • Introduction to burp suite
  • Configuring burp suite
  • Burp proxy, Burp Spider, Burp Intruder, Burp Repeater, Burp Sequencer

Injections

  • SQL Injection, Blind SQL Injection, Command Injection, LDAP Injection, XPATH Injection, SOAP Injection
  • Other Injections
  • Implications of Injections
  • Test methodology for injections
  • Remediation

Cross-site Scripting

  • Reflected XSS, Stored XSS, DOM XSS
  • Implications of XSS
  • Test Methodology for XSS
  • Remediation

Cross-site Request Forgery

  • CSRF with GET method
  • CSRF with POST method
  • Implications of CSRF
  • Test methodology for CSRF
  • Remediation

Authentication testing

  • Guessable Passwords
  • Failure Messages
  • Brute forcing login
  • Plain text password transmission
  • Improper implementation of forgot password functionality
  • Remember Me Functionality
  • Guessable User names
  • Multi factor authentication flaws
  • Fail-Open Login Mechanisms
  • Insecure Storage of Credentials
  • Remediation

Authorization testing

  • Introduction to authorization
  • Implementation weaknesses in authorization
  • Horizontal privilege escalation
  • Vertical privilege escalation
  • URL, Form, cookie based escalation

Types of web application security testing

  • Black box testing ,White box testing & Grey box testing
  • Vulnerability Assessment vs Penetration testing
  • Infrastructure and Application Admin Interfaces
  • Web application penetration test scope and process
  • Legalities of the VAPT

Reconnaissance

  • Foot printing Domain details (whois) - Technicalinfo.net
  • OS and Service fingerprinting – Netcraft.com, Banner grabbing, HTTPprint
  • Google hacking
  • Load balancer Identification
  • Spidering a web site (wget, Burp spider)
  • Application flow charting
  • Relationship analysis within an application
  • Software configuration discovery

SSL & Configuration testing

  • Testing SSL / TLS cipher
  • Testing SSL certificate validity–client and server
  • Infrastructure and Application Admin Interfaces
  • Testing for HTTP Methods and XST
  • Testing for file extensions handling
  • Old, Backup and Unreferenced Files
  • Application Configuration Management Testing

Session Management testing

  • Need for session and state
  • Ways to implement state
  • How session state work
  • What are cookies
  • Common Cookies and Session Issues
  • Man in the middle

Brute force web applications

  • Brute force authentication, Brute force Authorization, Brute force web services, Brute force web server, Brute force .htaccess

Parameter Manipulation

  • Query string manipulation, Form field manipulation, Cookie manipulation, HTTP header manipulation

Other Attacks

  • Sniffing, Phishing & Vishing
  • D(D)OS Attacks
  • Invalidated Redirects and Forwards

Samurai WTF

  • Introduction to Samurai WTF
  • Various Tools in Samurai WTF
  • Nikto, w3af, BeEF Framework, Fuzzing and JBroFuzz, DirBuster, Netcat, Brutus and Hydra
  • Overview of various Proxies (zed, rat, paros, webscarab)

Firefox security Add-ons

  • Tamper Data
  • SQL inject me
  • XSS me
  • Firebug
  • Live HTTP headers
  • Foxy Proxy
  • Web Developer

Automated Scanners

  • Acunetix, IBM App Scan, Burp Scanner
  • Effectiveness of Automated tools
  • Reduction of False positives and false Negatives

VAPT Methodologies

  • OWASP, SANS 25, WAHH, OWASP Check-list

Reporting

  • Importance of documentation
  • OWASP Risk rating methodology
  • Creating managerial, technical VAPT reports
  • Open reporting standards