Web Application

Penetration Testing Training

www.ignitetechnologies.in
ABOUT
Well-Known Entity for Offensive Security

{Training and Services}

ABOUT US
With an outreach to over a million students
and over thousand colleges, Ignite Technologies stood out
to be a trusted brand in cyber security training and services

WHO
CAN
College Students
IS/IT specialist, analyst, or manager
IS/IT auditor or consultant
IT operations manager
Network security officers and WHY
Practitioners
Site administrators
Level up each candidate by providing the
Technical support engineer
fundamental knowledge required to begin the
Senior systems engineer
Sessions.
Systems analyst or administrator
Hands-on Experience for all Practical
IT security specialist, analyst, manager,
Sessions.
Architect, or administrator
Get Course PDF and famous website links for
IT security officer, auditor, or engineer
content and Tools
Network specialist, analyst, manager,
Customized and flexible training schedule.
Architect, consultant, or administrator
Get recorded videos after the session for each
participant.
Get post-training assistance and backup
sessions.
Common Platform for Group discussion along
with the trainer.
Work-in Professional Trainer to provide realtime
exposure.
Get a training certificate of participation.
 WEB PENTEST
Web Pentest program, also known as the Bug Bounty program, is a
crowdsourcing initiative hosted by organizations to give a platform to security researchers and
white hat hackers from across the globe to showcase their skills and discover any security holes
in their infrastructure. Depending upon the severity level of the bug report and the details
presented within the Proof of Concept (POC), they are either rewarded with remuneration or
recognition as a token of appreciation.

While a large majority of the bug bounty programs are public, certain are private events
and are strictly invite-based. Such programs have stringent terms and conditions that the
invitees must always abide by

During this course, you will acquire knowledge in the fundamentals of application security
vulnerabilities and penetration testing.

PREREQUISITES
In order to initiate the Bug Bounty Training, you should be aware of the basic concepts of the
development web applications; frontend and backend.

COURSE DURATION: 25 to 30 HOURS

 How We
Function Training Type
Type 1
A G ROU P SESSION will have a maximum of 10 candidates.

Pros:
• Less Expensive than Type2 & Type3.
• Get a chance to build connections across the world.

Type 2
A PE RSONALIZE D SESSIONS will be a one-on-one session.

Pros: Flexible slot as per candidate availability.

Type 2
A CUSTOM IZE D PE RSONALIZE D session will be a one-on-one session that can be

fine-tuned as per the Candidate's requirement.

Pros:

• Flexible slot as per candidate availabilities

• Including Live Website Testing

 What
You Will Achieve?

OUR FOCUS

• Level up all candidates from the various domains to make the

curriculum cohesive.

• Gained an in-depth knowledge of web application concepts.

• Give hands-on experience

• Maintain the security posture by adhering to industry best

practices.

• Work-in Professionals Red Teamers and Pentesters around the

world will be conducting all sessions live. Follow OWASP and N IST
standards for how to respond to the attack.
 COURSE OVERVIEW

Introduction
• Introduction Web Servers & Web Applications
• The Bug Bounty Program
• Web Application Penetration Testing & its Methodologies
• Introduction to HTTP Protocol
• OWASP & its Top 10
• Introduction to Burp Suite

Pentest Lab Setup

• Web Server Lab Setup
• Web Application Lab Setup
• Configuring Burp Suite Pro

Information Gathering & Reconnaissance

• What Is Information Gathering?
• Information Gathering Cheat Sheet
• DNS Enumeration
• Perform Web Application Fingerprinting
• Spider/Crawl For Missed or Hidden Content Directory Brute Forcing
• Google Advanced Search

Netcat for Pentester

• Introduction to Netcat
• Netcat as Banner Grabber
• Netcat File Transfer
• Netcat Reverse Shell
• Netcat Shells Over Payload
Configuration Management Testing
• Enumerate Infrastructure and Application Admin Interfaces
• Check For Backup and Unreferenced Files for Sensitive Information
• Check HTTP Methods Supported And Cross Site Tracing (XST)
• Test File Extensions Handling
• HTTP Strict Transport Security
• Test Network/ Infrastructure Configuration

Cryptography
• Check SSL Version, Algorithms, Key Length
• Check For Digital Certificate Validity (Duration, Signature And Cn)
• Check Credentials Only Delivered Over Https
• Check That The Login Form Is Delivered Over Https
• Check Session Tokens Only Delivered Over Https
• Check If Http Strict Transport Security (HSTS) In Use

Authentication
• What is Authentication?
• HTTP Authentication Exploitation
• Introduction to Broken Authentication
• Broken Authentication Exploitation.
• Test For User Enumeration
• Test For Brute force Protection
• Test For Default Logins
• Test Password Reset and/or Recovery
• Test Password Change Process
• Test CAPTCHA
• Test Password Quality Rules
• Test For Autocomplete on Password Forms/ Input
• Mitigation Steps

Session Management
• What are Sessions and Cookies?
• Introduction to Session Management
• Check session tokens for cookie flags
• Check session cookie duration
• Test session cookies for randomness
• Insecure Session Exploitation
• Mitigation Steps
Local File Inclusion
• Introduction to Local File Inclusion
• Basic LFI Technique
• Null byte Technique
• Base64 Technique
• Fuzzing Technique
• LFI Suite
• LFI over File Upload
• LFI Log Poisoning
• Mitigation Steps

Remote File Inclusion

• Introduction to RFI
• Why Remote File Inclusion Occurs?
• Remote File Inclusion Exploitation
• Basic Remote File Inclusion
• Reverse Shell through Netcat
• RFI over Metasploit
• Bypass a Blacklist Implemented
• Null Byte Attack
• Exploitation through SM B Server
• Mitigation Steps

Path Traversal
• Linux Server Path Traversal Exploitation
• Basic Path Traversal
• Blocked Traversal Sequence
• Validated Path Traversal
• Path Disclosure in U RL
• Null Byte Bypass
• Windows Server Path Traversal Exploitation
• Basic Path Traversal
• Double dots with Forward-Backward Slashes
• Blocked Traversal Sequences
SQL Injection
• What are Databases?
• Introduction to SQL Injection
• SQL Injection Error Based
• SQL Injection via SQLmap
• Manual SQL Exploitation
• Boolean Based Exploitation
• SQL Injection Form Based Exploitation
• Authentication Bypass
• Remote Code Execution with SQLmap
• Mitigation Steps

XXE Injection
• Introduction to XM L
• Introduction to XXE Injection
• XXE for SSRF
• XXE Billion Laugh Attack
• XXE Exploitation
• Blind XXE
• Mitigation Steps

Bonus Section
• Automated Vulnerability Scanner
• Firefox Add-ons
• Encoding Methods
• Reporting
 CONTACT US

Phone No.
+91 9599 387 41 | +91 1145 1031 30

WhatsApp
https://wa.me/message/HIOPPNENLOX6F1

EMAIL ADDRESS
[email protected]

WEBSITE
www.ignitetechnologies.in

BLOG
www.hackingarticles.in

LINKEDIN
https://www.linkedin.com/company/hackingarticles/

TWITTER
https://twitter.com/hackinarticles

GITHUB
https://github.com/ignitetechnologies