Detailed Course Outline
Module 1: Hacking and Securing web and application servers
- Attacking Authentication
- Advanced Username Enumeration
- Brute Force Issues
- Exploiting SSO
- Session Management Issues
- Business Logic Bypass
- Authorization Issues
Module 2: Parameter Manipulation Attacks
- Cookie Analysis
- SSL Misconfiguration and Man in the Middle Attacks
- XSS: The Concept
- Same Origin Policy
- Identifying XSS
- Exploiting XSS
- Pitfalls in Defending XSS
Module 3: Identifying Cross Site Request Forgery (CSRF)
- Exploiting CSRF
- Fixing CSRF
- Carriage Return & Line Feed (CRLF) injection
- Hacking APIs
- SQL Injection
- LDAP, XPATH, XXE Injections
- Insecure HTTP Methods
- Malicious File Uploads