Cyber Security & Ethical Hacking Course Curriculum
Penetration Testing Vulnerability Assessment & Penetration Testing • Introduction to the web application Vulnerability Assessment & Penetration Testing Standards to follow OWASP Top 10 Overview OWASP Security Testing Methodology SANS Top 25 Overview Intro to Big Bunty Program Different Bug Bounty Platforms Understanding In-Scope & Out-of-Scope Understanding the Vulnerability Priority
Explanation about any one Bug bounty platform About CTF in bug bounty (i.e. Hackerone) Application Analysis Understanding difference between Static & Dynamic Applications Analysis of the application flow Different categories of applications Analysis of the application functionalities and their functional cycle Authentication Testing
About Authentication Process Cycle
Understanding different login patterns Introduction to Burp Suite Authentication Bypass using SQL payloads Login Brute force User Enumeration Hard Coded Credentials Insecure Logout Implementation Strict Transport Security Not Enforced Testing OTP Length, Duration & Rate Limitation Mobile/Email OTP Bombing Leakage of OTP in Later Response Response Tampering OTP Bypass Testing IDOR – Token Based Authentication Sending User Credentials using GET method Testing the User Registration Process About User Registration Process Cycle Testing Input Validation – XSS Verification of Email address / Mobile Number Weak Username or un-enforced policies Weak password policies Testing Password Reset Functionality About Password Reset Functionality Cycle Testing authorization issue in-case of UID & Token Testing Life time of reset link Predictability of the token encryption (Base64 based encryption) Testing password reset token expiration Sensitive Data Exposure About Sensitive Data Exposure depending on Application Category Insecure Error Handling
HTML
CSS
Java
Information disclosure via metadata Insecure communication channel Hidden/sensitive directories & files in robots.txt Return of sensitive information in later responses (example: password, otp, other user’s private/sensitive information) API Communication About API Communication Authorization Header Analysis • Basic Authentication token • Barer Token • None • Custom About JWT Token pattern Un-Authenticated/Anonymous Access Testing for Cookie Attacks Understanding the cookie Life Cycle Weakness in cookie life cycle Cookie with sensitive data XSS via cookie Missing HTTP only Flag Missing Secure Flag Analysing authorization/privileges implementation through cookies Headers and Policy Scrunity CRLF Injection Host Header Injection Cross Origin Resource Sharing Click Jacking URL Redirection Session Management Issues Testing for Insecure Logout Implementation Testing for CSRF Vulnerability Bypass Methods of CSRF Vulnerability Testing for Authorized Testing Concept of Access Control & RBAC Insecure Direct Object Reference (IDOR) Testing for Vertical Privilege Escalation Testing Horizontal Privilege Escalation
Directory Traversal Data Validation Testing Malicious file upload Cross Site Scripting CSV Injection HTTP Parameter Solution Injections Remote Code Execution SQL Injection XML Injection / XXE OS Command Injection Testing Server Side Issues Testing for SSRF Template Injection Business Logic Issues About different payment methods Integration About Payment Tampering Method Straight Forward Payment Tampering Add-on Based Payment Tampering Coupon Based Payment Tampering Longitude and Latitude based payment tampering (In Case of CAB booking, if validation process depends on Long & Lat) Failure to Success Journey HTTP Parameter pollution (In case of Amount parameter) Getting High Benefits Features with Low Benefit cost (In case of Feature id) Test with Fake DC/CC with CVV Sensitive information Leakage Insecure Direct Object Reference (Getting Booking & Billing Details, in case of E-Comers application) Testing IDOR (In case QR Code generated based on ID value) Bypassing Attaching Mandatory Entities Cloud Misconfiguration AWS S3 Misconfiguration Testing for Security Misconfiguration Outdated Framework /CRM/ WordPress Enabled Directory Listing Default accounts with default passwords Miscellaneous Reflected File Download Accessing Default Files (i.e: phpmyadmin) Other Vulnerabilities Web Cache Posioning Foot Printing & Information Gathering About Red Team Assessment overview (RTA) Foot Printing & Info Gathering Concepts API Testing Introduction to postman Collection Integrating burp proxy to the postman collection. Ethical Hacking Introduction to Ethical Hacking: Basics of Ethical Hacking Types of Hackers Reconnaissance: Information Gathering Foot Printing Kali Linux Basics: Basic Commands of Kali Linux Configuration of Kali Linux Password Cracking:
Password Guessing Default passwords Password Dictionary Creation Brute Force Attacks: OTP Brute Forcing Password Brute Forcing Login Brute Forcing Injection Attacks: CSV Injection SQL Injection XXS Injection Phishing Attacks: Account Handover Privelege Escalation: High Privelege and Low Privelege Escalation Cryptography: Encryption Decryption Web Application Hacking Basics: Mobile Application Hacking: Vulnerability Analysis: Vulnerability Scanning: OWASP Top 10: Proxies & VPN: HTTP parameter pollution Attack User & Password Enumerations
