ITSecr00t Web Application Security Expert (ITSecr00t WASE)
--------------------------------
--> HTTP Basics
How HTTP works?
Different Request methods
HTTP request/response examples
Understanding HTTP error codes
Use of cookies
How to detect cookies
Using HTTP interceptor tools
Using Paros to intercept HTTP traffic
Web Application Security
--> Why web application security
Understanding difference between network and application security
Introduction to WASC
Introduction to OWASP top 10
Learning OWASP Vulnerabilities (Concept + Threat Modeling + Finding out the vulnerability in a web application)
--> SQL injection concepts
mysql union based
mysql blind
mysql error based
sybase sql injection
mssql error based
mssql union based
oracle injection (oracle padding)
msaccess injection
--> OWASP Top 10 vuln Exploitation & Patching
Injections
Broken Authentication and session management
Cross-Site Scripting (XSS)
Insecure Direct Object References
Security Misconfiguration
Sensitive Data Exposure
Missing Function Level Access Control
Cross-Site Request Forgery (CSRF)
Using Known Vulnerable Components
Unvalidated Redirects and Forwards
--> Inclusion
php inclusion
iframe inclusion
swf inclusion
--> Hands-on pentesting tools:
WebGoat
IBM Appscan
Metasploit
GFI LanGuard
WebInspect
IIS lockdown
Nikto
Acunetix
w3af / vega
OWASP tools
Burp Suite
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
ITSecr00t Ethical Hacking Course (ITSecr00t EHC)
Introduction to Ethical Hacking
Information Gathering
Scanning
LAN Hacking
Backdoors and Trojans
System Hacking
Password Cracking & Countermeasures
Email Hacking & Security
Web server Hacking
Web application Hacking
SQL Injection
Google Hacking
Denial of service attack
Cryptography
Wireless Hacking
Sniffing
Social Engineering
Firewall & IDS System
VPN & Proxies
Vulnerability assessment
Metasploit
Penetration Testing
Exploit writing
Buffer overflow
-------------------------------------------------------------------------------------------------------------------------------------------------------
ITSecr00t Network Security Expert (ITSecr00t NSE)
Network Concepts
Network Protocols & Standards
Networking Components
TCP/IP Fundamentals
TCP/IP Utilities
Foot Printing
Scanning
Enumerating
ARP Poisoning/spoofing
DNS spoofing/poisoning
Trojans, Backdoors & Sniffers
Denial of Service Attacks & Session Hijacking
Honey Pots
Viruses, Worms & Buffer Overflows
Packet Analysis
Log Analysis
Firewalls (windows / Linux)
IDS/IPS
NIDS (Squid server, snort)
Web application Firewall configuration (WAF)
Metasploit
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
ITSecr00t Python Scripting Expert (ITSecr00t PSE)
Module 1: Python Scripting – Language Essentials
Introduction to Interpreted Languages and Python
Data Types and variables
Operators and Expressions
Program Structure and Control
Functions and Functional Programming
Classes, Objects and other OOPS concepts
Modules, Packages and Distribution
Python in Linux and Unixes
Python in Windows
Python in Mobiles: iPhone and Androids
Python in Embedded Devices: Routers
Module 2: System Programming and Security
I/O in Python
File and Directory Access
Multithreading and Concurrency
Inter Process Communication (IPC)
Permissions and Controls
Module 3: Network Security Programming – Sniffers and Packet Injectors
Raw Socket basics
Socket Libraries and Functionality
Programming Servers and Clients
Programming Wired and Wireless Sniffers
Programming arbitrary packet injectors
PCAP file parsing and analysis
Module 4: Attacking Web Applications
Web Servers and Client scripting
Web Application Fuzzers
Scraping Web Applications – HTML and XML file analysis
Web Browser Emulation
Attacking Web Services
Application Proxies and Data Mangling
Automation of attacks such as SQL Injection, XSS etc.
Module 5: Exploitation Techniques
Exploit Development techniques
Immunity Debuggers and Libs
Writing plugins in Python
Binary data analysis
Exploit analysis Automation
Module 6: Malware Analysis and Reverse Engineering
Process Debugging basics
Pydbg and its applications
Analyzing live applications
Setting breakpoints, reading memory etc.
In-memory modifications and patching
Module 7: Attack Task Automation
Task Automation with Python
Libraries and Applications
Case Studies
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
ITSecr00t Server Security Expert (ITSecr00t SSE)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
ITSecr00t Linux Administration Expert (ITSecr00t LAE)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
ITSecr00t Linux Security Expert (ITSecr00t LSE)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------