Web Application
Common Web
Application Attacks
Directory Traversal
File Inclusion Vulnerabilities
File Upload Vulnerabilities
Command Injection
Introduction to
Web Applications
Web Application
Assessment Tools
Web Application
Enumeration
Web Application
Assessment Methodology
Cross-Site Scripting (XSS)
Understand web application security
testing requirements
Learn different types of methodologies of
web application testing
Learn about the OWASP Top10 and most
common web vulnerabilities
Understand Web Proxies theory
Learn how Burp Suite proxy works for web
application testing
Perform common enumeration techniques
on web applications
Understand how to enumerate and inspect
Headers, Cookies, and Source Code
Learn how to conduct API testing
methodologies
Learn how to debug Web Application
source code
Understand Cross-Site Scripting
vulnerability types
Exploit basic Cross-Site Scripting
Perform Privilege Escalation via Cross-Site
Scripting
Understand absolute and relative paths
Learn how to exploit directory traversal
vulnerabilities
Use encoding for special characters
Learn the difference between File Inclusion and Directory Traversal vulnerabilities
Gain an understanding of File Inclusion
vulnerabilities
Understand how to leverage Local File
Inclusion (LFI to obtain code execution
Explore PHP Wrapper usage
Learn how to perform Remote File
Inclusion (RFI) attacks
Understand File Upload Vulnerabilities
Learn how to identify File Upload
vulnerabilities
Explore different vectors to exploit File
Upload vulnerabilities
Learn about command injection in web
applications
Use operating system commands for OS
command injection
Understand how to leverage command
injection to gain system access
SQL Injection Attacks
SQL Theory and Database
Types
Manual SQL Exploitation
Manual and Automated
Code Execution
Client-Side Attacks
Target Reconnaissance
Exploiting Microsoft Office
Abusing Windows Library
File
Locating Public
Exploits
Gather information to prepare client-side
attacks
Leverage client fingerprinting to obtain
information
Understand variations of Microsoft Office
client-side attacks
Install Microsoft Office
Leverage Microsoft Word Macros
Leverage Windows shortcuts to obtain
code execution
Prepare an attack with Windows library
files
Getting Started
Online Exploit Resources
Understand the risk of executing untrusted
exploits
Understand the importance of analyzing
the exploit code before execution
Access multiple online exploit resources
Differentiate between various online
exploit resources
Understand the risks between online
exploit resources
Use Google search operators to discover
public exploits
Offline Exploit Resources
Access Multiple Exploit Frameworks
Use SearchSploit
Use Nmap NSE Scripts
Exploiting a Target
Follow a basic penetration test workflow to
enumerate a target system
Completely exploit a machine that is
vulnerable to public exploits
Discover appropriate exploits for a target
system
Execute a public exploit to gain a limited
shell on a target host
Fixing Exploits
Fixing Memory Corruption
Exploits
Fixing Web Exploits
Understand high-level buffer overflow
theory
Cross-compile binaries
Modify and update memory corruption
exploits
Fix Web application exploits
Troubleshoot common web application
exploit issues