Web Application Security 

Module 01: Introduction

 Lesson 01: Networking and Protocols

 Lesson 02: HTTP & HTTPS

Module 02: OWASP Top 10

 Lesson 01: Overview of Various Frameworks

 Lesson 02: Understanding the OWASP Top 10

Module 03: Reconnaissance for Bug Hunting

 Lesson 01: Subdomain Enumeration

 Lesson 02: Domain Filtering

 Lesson 03: Endpoint Enumeration

 Lesson 04: Analyzing Responses

Module 04: Advanced SQL Injection

 Lesson 01: Union-Based SQL Injection

 Lesson 02: SQL Authentication Bypass

 Lesson 03: Error-Based SQL Injection

 Lesson 04: Time-Based SQL Injection

 Lesson 05: In-Band and Out-of-Band SQL Injection

 Lesson 06: Custom Script Development for Automating Blind SQL Injection Processes

Module 05: Command Injection

 Lesson 01: Reviewing DVWA Source Code

 Lesson 02: PHP Command Injection with Various Functions

 Lesson 03: Bypassing Filters

Module 06: Session Management and Broken Authentication Vulnerability

 Lesson 01: Cookie Hijacking

 Lesson 02: HSTS Policy Bypass

Module 07: CSRF – Cross-Site Request Forgery

 Lesson 01: Bypassing Protection Mechanisms

Module 08: SSRF – Server-Side Request Forgery

 Lesson 01: Bypassing Filters

 Lesson 02: Checking Server-Side Configuration

Module 09: XSS – Cross-Site Scripting

 Lesson 01: Understanding JavaScript

 Lesson 02: Reflected XSS

 Lesson 03: Stored XSS

 Lesson 04: DOM-Based XSS

Module 10: IDOR – Insecure Direct Object Reference (Security Vulnerability)

 Lesson 01: UUID Protection

Module 11: Sensitive Data Exposure and Information Disclosure

 Lesson 01: Git Source Code Disclosure

 Lesson 02: Client-Side Source Code Review

Module 12: SSTI – Server-Side Template Injection

 Lesson 01: Explaining Template Engines

 Lesson 02: Exploitation Techniques with Various Template Engines

Module 13: Multi-Factor Authentication Bypass

 Lesson 01: Brute-Force Attacks

 Lesson 02: Creating Wordlists

 Lesson 03: Bypassing Logic Errors

Module 14: HTTP Request Smuggling

 Lesson 01: Understanding HTTP/1.1 and HTTP/2

 Lesson 02: CL-TE Attack

 Lesson 03: TE-CL Attack

 Lesson 04: TE-TE Attack

Module 15: External Control of File Name or Path (Security Vulnerability)

 Lesson 01: Whitelisting and Blacklisting

 Lesson 02: Bypassing Blacklisting

 Lesson 03: Introduction to Regular Expressions

Module 16: LFI – Local File Inclusion and RFI – Remote File Inclusion (Security Vulnerabilities)

 Lesson 01: Traversal Payloads

 Lesson 02: WAF Bypass Techniques

 Lesson 03: Reading and Inclusion Differences

Module 17: Directory Path Traversal

 Lesson 01: File Reading via Path Traversal

Module 18: HTML Injection

 Lesson 01: Understanding HTML Web Pages

 Lesson 02: Reflected HTML Injection

 Lesson 03: Stored HTML Injection

Module 19: Host Header Injection

 Lesson 01: Overview of Apache Configuration

 Lesson 02: Explaining Host Headers

Module 20: File Upload Vulnerability

 Lesson 01: Explanation of POST Method

 Lesson 02: Encoded POST Method

 Lesson 03: Headers Related to File Upload

Module 21: JWT Token Attack

 Lesson 01: Understanding JWT Token Algorithms

 Lesson 02: Brute-Force Attacks on HS256 Algorithm

 Lesson 03: Bypassing Logic Errors

Module 22: Flood Attack on Web

 Lesson 01: Utilizing XXE Vulnerabilities for Denial of Service

 Lesson 02: Exploiting Business Logic for Denial of Service

Module 23: Report Writing

 Lesson 01: Creating Proofs of Concept (PoCs)

 Lesson 02: Executive and Management Reports

 Lesson 03: Technical Reports for IT and Security Departments