eSecurifyTrainings

Certified Web Application Security Professional

Be an expert in web application security vulnerabilities & its exploitation with practical real time demonstrations covering OWASP Top 10 and various other vulnerabilities. At the end there is also a guide to start your Bug Bounty journey.

  • 4.80+ Ratings
  • English
Get Free Demo

₹14,999

Course Type

Lectures

Duration

Training Mode 

Instructor-Led

24 (Approx.)

60 HRS (Approx.)

Online/Offline

Enroll Now

Course Overview

Salient Features

Exciting Bonus

Curriculum

Course Overview

 

Are you a pen tester who can test web applications? Are you good with web application scanners? Are you good at finding if a site is vulnerable to SQL injection and XSS? Do you know how to test for CSRF weaknesses? Have you heard about DOM XSS and Server-Side Request Forgeries? Have you tested applications for HTML5 Security? Maybe you have tried to find such vulnerabilities in the past but weren’t confident of your tools and approaches.

This 1-month course with complete hands-on exercises will teach you to exploit security vulnerabilities like never before. You will be able to identify, detect and exploit advanced attacks that you may be aware of but haven’t tried in real world security testing.

All of the above and more in a realistic scenario-based learning environment with the same tools’ attackers use to hack and compromise web applications on the Internet is what this course is all about.

Salient Features

  • Understand the concept of various web application security vulnerabilities
  • Covers OWASP Top 10 & other vulnerabilities
  • Learn to exploit & secure different web application security vulnerabilities
  • Practical demonstrations
  • A guide to start Bug Bounty journey
  • Learn to solve CTFs
  • Dedicated support team to get your doubts and queries solved
  • eSecurify Community Access to stay updated in Cyber Security
  • Appreciated with participation certificate

Exciting Bonus

  • Private Bug Bounty Website to maximize your chance of earning your life’s first bounty.
  • Bug Bounty Report Templates (present the way how it should be)

Curriculum

  • Importance of Web Application Security
  • Understanding Industrial Standards
  • What is OWASP?
  • Introduction to OWASP Top 10 Vulnerabilities
  • Introduction to Burp Suite
  • Understanding Information Gathering
  • What is WHOIS?
  • Information Gathering Tools
  • Search Like a Pro Using Google Dorks
  • What is SQL?
  • Basic Queries of SQL
  • Authentication Bypass using Basic SQL Injection
  • Advanced MySQL Injections
  • Advanced MSSQL Injections
  • Advanced Oracle Injections
  • Database Dumping using Advanced SQL Injection
  • Firewall Evasion Techniques for SQL Injection
  • Automated Tools
  • Practical Demonstration on Real Web Application
  • Account Lockout Mechanism
  • Enumeration Techniques
  • Captcha Bypass
  • Session Expiration
  • Logout Management
  • Concurrent Misconfigured Sessions
  • Practical Demonstration eSecurify Buggy Web Applications
  • Introduction to Cross Site Scripting
  • Types of Cross Site Scripting
  • Non-Persistent XSS
  • Persistent XSS
  • DOM Based XSS
  • Exploiting XSS to steal session cookies, csrf tokens,
  • Preventing XSS
  • Introduction to CSP
  • Practical Demonstration on Real Web Application
  • Introduction to IDOR Vulnerability
  • Finding out IDOR
  • Exploiting IDOR
  • Preventing IDOR
  • Practical Demonstration on Real Web Application
  • Arbitrary File Upload
  • Introduction to CORS
  • Exploiting CORS
  • Introduction to SOP
  • SOP Bypass
  • Introduction to HSTS
  • Exploiting HSTS
  • MITM Attack using Wireshark
  • Directory Listing
  • Practical Demonstration on Real Web Application
  • Full Path Disclosure
  • Cross Domain Referer Leakage
  • Robots.txt Disclosure
  • Practical Demonstration on Real Web Application
  • Introduction to Missing Functional Level Access Control
  • OTP Bypassing Techniques
  • Privilege Escalation
  • Practical Demonstration on Real Web Application
  • Introduction to Cross Site Request Forgery
  • Finding CSRF
  • Exploiting CSRF
  • Preventing CSRF
  • Practical Demonstration on Real Web Application
  • Introduction to 3rd Party Components
  • Finding 3rd Party Components
  • Exploiting 3rd Party Components
  • Preventing Using Components with Known Vulnerabilities
  • Practical Demonstration on Real Web Application
  • What are Redirects & Forwards?
  • Finding Redirects & Forwards
  • Exploiting Redirects & Forwards
  • Preventing Unvalidated Redirects & Forwards
  • Practical Demonstration on Real Web Application
  • Server Side Javascript Injection
  • Server Side Template Injection
  • Server Side Request Forgery
  • Cross Site Port Attack
  • XML External Entities (XXE) Attacks
  • Subdomain Takeover
  • Local File Inclusion
  • Host Header Attack
  • Homograph Attack
  • Race Condition Issue
  • What are Responsible Disclosure Programs?
  • What are Bug Bounty Programs?
  • Bug Bounty Platforms
  • How to Report a Bug to Company?
  • How to earn money (bounty) by reporting a legitimate bug?
  • Websites
  • Facebook Groups
  • LinkedIn Groups
  • Twitter Profiles
  • Course Complication Certificate

Prerequisites

  • Keen interest in learning Cyber Security
  • Basic Understanding of Computer Operations and Internet
  • PC/Laptop to practice

Upcoming Batches