Intended for security analysts, and anyone interested in joining the cybersecurity industry, with at least 2 years of technical experience, who have access to data and need to make better-informed decisions. Earlier experience in similar roles is helpful but not necessary to take full advantage of the program benefits.
Program Topics:
- Introduction to VAPT
- Difference between VA and PT
- Tools Used for VAPT – Nessus, Netsparker, Acunetix, AppScan
- Introduction to Web Applications
- Basic Protocols of Web Application
- Vulnerabilities of HTTP Protocols
- Setting Up Pentesting Lab Machine
- Configuration of Website And Database
- Penetration Testing Process
- Information Gathering from a Hacker's Perspective
- Setting Up Burp Suite
- Target Scope And Spidering
- OWASP Top 10 Vulnerabilities
- SANS 25 Vulnerabilities
- 0-Day Vulnerabilities of Web Applications
- Authentication Bypass
- XSS (Reflected, Stored & DOM)
- CSRF (Cross Site Request Forgery)
- SQL Injection
- Authentication Testing
- Session Related Vulnerabilities
- Input Validation Testing
- Exploiting File Upload
- LFI/RFI Exploitation
- Penetration Testing CMS
- Server Side Attacks & Exploitation
- Misconfiguration Attacks
- Webserver Exploits
- Public Exploits
- Private Exploits
- Backdoor Installation on Server
- Network Pentesting with Kali
- Getting the Most Out of Nmap
- OS Fingerprinting and Version Scanning In-Depth
- The Nmap Scripting Engine
- The Nessus Vulnerability Scanner
- Netcat for the Pen Tester
- PowerShell for the Pen Tester
- Metasploit Coverage with Exploits
- Windows Command Line Kung Fu for Penetration Testers
- PowerShell’s Amazing Post-Exploitation Capabilities
- Automated Password Cracking
- Retrieving and Manipulating Hashes from Windows, Linux, and Other Systems
- Pivoting through Target Environments
- Extracting Hashes and Passwords from Memory with Mimikatz