This course concentrates mainly on how penetration testing can be done on web-based applications. The same techniques can also be used for mobile applications, because most mobile applications communicate with a cloud-based API. The security of that API is effectively the security of the mobile application that uses it.
- Install WAMP.
- Install Mutillidae.
- Install Burp Suite.
- SQL Injection — Attack and Defenses.
- OS Command Injection — Attack and Defenses.
- JSON Injection Attack using Reflected XSS Technique and Defense Measures.
- Cookie Manipulation Attack and Defenses.
- Username Enumeration Attack.
- Brute Force Attack Technique and Defenses.
- Cross Site Scripting (Reflected XSS using HTML Context).
- Stored Cross Site Scripting Attack — XSS Defenses.
- Insecure Direct Object Reference — IDOR and Defense using File Tokens.
- Insecure Direct Object Reference — IDOR and Defense using URL Tokens.
- Directory Browsing Traversal Threat Demonstration, etc.