Overview
WAPT (Web Application Penetration Testing) is focused on approach-based testing of web applications. The program teaches you the vulnerabilities that are seen frequently in web applications and trains you extensively in manually testing their components to eliminate threats.
Objectives
At the end of the program, the candidate will be able to understand web servers, web applications, web application threats and vulnerabilities. The candidates will be able to successfully carry out penetration testing and vulnerability assessments for web applications and to suggest countermeasures or solutions for the findings.
Duration: 40 hours (5 days)
Pre-requisites
The candidate must be certified in H3X before attending the program.
Course outline: WAPT v1.0
The program covers the following domains:
Introduction to Web Applications and Architecture
What is a web application?
  - Introduction
  - Components of a web application
  - Basic Architecture
HTML overview
  - HTML intro
  - HTML Syntax - labs
  - Sample HTML page - labs
Introduction to J2EE
  - J2EE Architecture
  - JSP Syntax labs
  - JSP page on a Tomcat server - labs
  - Intro to EJB, JDBC and Servlets
Introduction to ASP.NET
  - .NET Framework
  - C#, ASP.NET language labs
  - ADO.NET overview
  - Sample ASP.NET page labs
Introduction to AJAX
  - Ajax overview
  - Ajax syntax labs
  - Using Ajax labs
Overview of SOAP, XML and Web services
  - SOAP overview
  - XML introduction
  - XML page along with DTD - labs
Overview of web services
  - Interoperability of applications using web services
Introduction to PHP
  - PHP overview
  - PHP language syntax labs
Overview of JSON
  - JSON overview
Web application architecture
  - N-tier architecture
  - 3-tier architecture
  - Sample J2EE application architecture
  - Sample .NET application architecture
Common Web 2.0 Applications
  - Why people prefer open source
  - Free vs Commercial
Web Application Threats
  - XSS
  - SQL Injection
  - Remote code execution
  - URL encoding
  - Domain privacy and security
  - Footprinting Domain details
  - Technicalinfo.net labs
  - Netcraft.com labs
Authentication Brute force
  - .htaccess used in Linux - labs
  - Breaking Basic Authentication with Brutus Labs
Cookie / session security
  - Why cookies are used
  - Session management
  - Cookie stealing
Buffer overflow attacks: In-depth
  - Understanding memory
  - Code layout and execution
  - How Buffer overflows affect Web servers
  - Stack based buffer overflow - Labs
Web application attacks
Enterprise Application Patterns
  - Introduction to MVC
  - Breaking a small application into MVC labs
  - Overview of patterns
Web application hacking with Firefox
  - Discovering hidden Ajax calls
  - Dissecting applications using firebug
  - Firebug labs
  - Chickenfoot - labs
SQL Injection live
  - Common SQL injection syntax
  - Footprinting a database
  - Hacking through SQL injection - labs
Interpreter injection
  - Interpreter injection types
  - Overview of general preventive measures
DOM based XSS injection
  - Overview
  - Example labs
  - Defenses
HTTP response splitting
  - Basic technique
  - Cache poisoning techniques
  - Countermeasures
DoS attacks on web applications
  - Target: Webserver
  - Target: Clients labs
E-commerce payments
  - Online shopping carts
  - Example of vulnerable implementations - labs
Phishing and URL encoding
  - Phishing overview
  - Sample Yahoo phishing - labs
  - URL encoding attacks - labs
.NET security and practices
  - Security Models
  - Trust levels
  - Methodologies
  - Example code
Open Source Applications (CMS tools etc)
  - Open source - Drupal labs
  - Commercial - Community Server labs
Web Vulnerability Scanners
  - Approach
  - Acunetix Web Scanner labs
  - N-stalker labs
Pen Testing Web applications
  - Methodologies
  - Common tools used
Web Hacking with Google
  - Google Dorks - labs
  - Preventing Site crawling
Threat modeling overview
  - Threats - STRIDE, DREAD
  - Process of modeling
  - Agile Software Development
Secure coding principles for Web applications
  - Policies
  - Using compiler defense mechanisms
  - Source code analysis
  - Code review (ASP.NET & J2EE)
VA and Pen Testing
OWASP Introduction
  - Standard
  - Top 10 vulnerabilities
  - WebGoat - labs
  - WebScarab - labs
VA assessment approach
  - Cataloging assets
  - Assigning values to resources
  - Identifying Vulnerabilities
  - Mitigating Vulnerabilities
Using Nessus
  - Nessus overview
  - Using Nessus for Pen testing - labs
NASL scripting overview
  - Overview
  - NASL code structure
  - Sample NASL script - labs
Metasploit Framework
  - Overview
  - Using Metasploit - labs
Limitations of VA
  - Automated tools limitations
  - Why you should do Pen testing
Pen Testing methodologies
  - Black-box testing
  - Gray-box testing
  - Approach on site
  - Checklist
Pen Testing Tools - labs
  - N-stealth
  - Burp Proxy
  - Acunetix WVS
  - WebInspect
  - Nikto
Server policy
  - Common mistakes
  - Using security templates - labs
  - Best practices
Audit Policy
  - Deciding what to Audit
  - Setting up audit policy labs
  - Best Practices
Risk Assessment Policy
  - Threat identification
  - Asset evaluation
  - Calculating risk
Documentation and standards
  - Creating pen testing reports
  - Importance of documentation
  - Open standards
Legalities
  - Overview of Cyber laws
Courseware
There is no specific recommended book for the above program. Candidates attending the training will be given the latest reference notes for all the domains, published under the GNU GFDL License. Alternatively, a regularly updated electronic copy (PDF) will be freely available for download for all registered candidates.
A DVD Kit with the tools covered in the domains will be given to the candidates.
Certification
WAPT Lab Exam:
Gold Level: achieved when a delegate clears the bootcamps (lab exams)