Web Application Security
Module 01: Introduction
Lesson 01: Networking and Protocols
Lesson 02: HTTP & HTTPS
Module 02: OWASP Top 10
Lesson 01: Overview of Various Frameworks
Lesson 02: Understanding the OWASP Top 10
Module 03: Reconnaissance for Bug Hunting
Lesson 01: Subdomain Enumeration
Lesson 02: Domain Filtering
Lesson 03: Endpoint Enumeration
Lesson 04: Analyzing Responses
Module 04: Advanced SQL Injection
Lesson 01: Union-Based SQL Injection
Lesson 02: SQL Authentication Bypass
Lesson 03: Error-Based SQL Injection
Lesson 04: Time-Based SQL Injection
Lesson 05: In-Band and Out-of-Band SQL Injection
Lesson 06: Custom Script Development for Automating Blind SQL Injection Processes
Module 05: Command Injection
Lesson 01: Reviewing DVWA Source Code
Lesson 02: PHP Command Injection with Various Functions
Lesson 03: Bypassing Filters
Module 06: Session Management and Broken Authentication Vulnerability
Lesson 01: Cookie Hijacking
Lesson 02: HSTS Policy Bypass
Module 07: CSRF – Cross-Site Request Forgery
Lesson 01: Bypassing Protection Mechanisms
Module 08: SSRF – Server-Side Request Forgery
Lesson 01: Bypassing Filters
Lesson 02: Checking Server-Side Configuration
Module 09: XSS – Cross-Site Scripting
Lesson 01: Understanding JavaScript
Lesson 02: Reflected XSS
Lesson 03: Stored XSS
Lesson 04: DOM-Based XSS
Module 10: IDOR – Insecure Direct Object Reference (Security Vulnerability)
Lesson 01: UUID Protection
Module 11: Sensitive Data Exposure and Information Disclosure
Lesson 01: Git Source Code Disclosure
Lesson 02: Client-Side Source Code Review
Module 12: SSTI – Server-Side Template Injection
Lesson 01: Explaining Template Engines
Lesson 02: Exploitation Techniques with Various Template Engines
Module 13: Multi-Factor Authentication Bypass
Lesson 01: Brute-Force Attacks
Lesson 02: Creating Wordlists
Lesson 03: Bypassing Logic Errors
Module 14: HTTP Request Smuggling
Lesson 01: Understanding HTTP/1.1 and HTTP/2
Lesson 02: CL-TE Attack
Lesson 03: TE-CL Attack
Lesson 04: TE-TE Attack
Module 15: External Control of File Name or Path (Security Vulnerability)
Lesson 01: Whitelisting and Blacklisting
Lesson 02: Bypassing Blacklisting
Lesson 03: Introduction to Regular Expressions
Module 16: LFI – Local File Inclusion and RFI – Remote File Inclusion (Security Vulnerabilities)
Lesson 01: Traversal Payloads
Lesson 02: WAF Bypass Techniques
Lesson 03: Reading and Inclusion Differences
Module 17: Directory Path Traversal
Lesson 01: File Reading via Path Traversal
Module 18: HTML Injection
Lesson 01: Understanding HTML Web Pages
Lesson 02: Reflected HTML Injection
Lesson 03: Stored HTML Injection
Module 19: Host Header Injection
Lesson 01: Overview of Apache Configuration
Lesson 02: Explaining Host Headers
Module 20: File Upload Vulnerability
Lesson 01: Explanation of POST Method
Lesson 02: Encoded POST Method
Lesson 03: Headers Related to File Upload
Module 21: JWT Token Attack
Lesson 01: Understanding JWT Token Algorithms
Lesson 02: Brute-Force Attacks on HS256 Algorithm
Lesson 03: Bypassing Logic Errors
Module 22: Flood Attack on Web
Lesson 01: Utilizing XXE Vulnerabilities for Denial of Service
Lesson 02: Exploiting Business Logic for Denial of Service
Module 23: Report Writing
Lesson 01: Creating Proof of Concepts (POCs)
Lesson 02: Executive and Management Reports
Lesson 03: Technical Reports for IT and Security Departments