Course

Credit Type:
Course
ACE ID:
IRON-0005
Version:
1
Organization's ID:
RED 1
Organization:
Location:
Online
Length:
11 weeks (100 hours)
Minimum Passing Score:
70
ACE Credit Recommendation Period:
Credit Recommendation & Competencies
Level | Credits (SH) | Subject
Lower-Division Baccalaureate | 2 | Fundamentals of Web Penetration Testing
Competency Framework | Statement
NICE Workforce Framework for Cybersecurity | Skill in writing code in a currently supported programming language (S0597)
NICE Workforce Framework for Cybersecurity | Perform authorized penetration testing on enterprise network assets (T1091)
NICE Workforce Framework for Cybersecurity | Skill in analyzing software configurations (S0532)
NICE Workforce Framework for Cybersecurity | Skill in identifying target vulnerabilities (S0440)
NICE Workforce Framework for Cybersecurity | Skill in scanning for vulnerabilities (S0543)
NICE Workforce Framework for Cybersecurity | Perform penetration testing (T1359)
Description

Objective:

The course objective is to prepare learners for real-world web application security testing. Building on prior defensive security experience, this program trains learners to identify, exploit, and report vulnerabilities in modern web environments. Through a blend of interactive lessons and applied labs, learners progress from understanding web fundamentals and reconnaissance to advanced exploitation techniques and professional reporting, mirroring the work of offensive security teams in the field.

Learning Outcomes:

  • Create an HTML webpage in Visual Studio Code by structuring content, styling elements, inserting media, and building interactive forms
  • Develop JavaScript skills by creating variables, applying operators, writing conditional statements, and building simple functions with different data types
  • Investigate and analyze web pages using Chrome Developer Tools to modify content, test code, and examine network activity
  • Analyze client-side form validation to identify techniques for bypassing input checks
  • Implement secure server-side PHP validation to enforce input integrity and prevent injection
  • Implement a Burp Suite proxy with Firefox to intercept and analyze HTTP/S traffic
  • Simulate attacks with Burp Repeater and Intruder to test authentication and input handling
  • Implement a Burp Suite proxy with Firefox to intercept HTTP/S traffic
  • Analyze intercepted HTTP/S requests with Burp tools to evaluate input handling and authentication resilience
  • Enumerate subdomains and hidden directories to map an application's attack surface
  • Analyze HTTP headers and error responses to identify information leakage and technology fingerprinting
  • Identify and classify reflected, stored, and DOM-based XSS vulnerabilities
  • Demonstrate XSS exploitation and filter-bypass techniques to assess attack impact
  • Create a MariaDB database and table using appropriate data types and query the database to retrieve stored information
  • Apply SQL injection techniques to bypass authentication and extract database schema and data
  • Compare manual SQLi testing with automated SQLMap exploitation to evaluate detection and remediation effectiveness
  • Perform command injection to confirm vulnerabilities and execute system commands in a controlled environment
  • Analyze injection behavior using timing delays and out-of-band techniques to assess impact and execution context
  • Identify file inclusion and path traversal vulnerabilities in web application file-handling features
  • Execute path traversal and inclusion techniques to access restricted files in a controlled environment
  • Identify insecure file upload handling and validation weaknesses that enable dangerous uploads
  • Demonstrate bypass techniques
  • Explain how a web shell can lead to remote code execution
  • Identify CSRF vulnerabilities in web applications by testing GET and POST vectors
  • Demonstrate CSRF exploitation to perform unauthorized actions and evaluate token-based mitigations
  • Identify SSRF vulnerabilities and classify attack types, including basic, blind, and cloud metadata exposures
  • Perform SSRF exploitation techniques (timing, callbacks, IP encoding, protocol smuggling) to assess access to internal resources
  • Test authentication systems using enumeration and injection techniques to identify security weaknesses
  • Analyze authentication responses and error behaviors to determine susceptibility to credential-stuffing and injection attacks
  • Apply a comprehensive authentication testing workflow to assess authentication mechanisms and brute-force resilience
  • Analyze session management and authentication flows to identify exploitable weaknesses and discovery opportunities
  • Analyze password recovery workflows to identify weaknesses such as predictable tokens, header poisoning, and parameter manipulation
  • Assess session and 2FA protections for susceptibility to bypass techniques
  • Identify insecure direct object references in URLs, POST data, files, and cookies
  • Demonstrate access to unauthorized resources via insecure direct object references in a controlled environment
  • Analyze JWT-based authentication flows to identify weaknesses such as signature validation bypass, algorithm confusion, weak secrets, and claim tampering
  • Demonstrate techniques to bypass weak JWT handling and manipulate claims in a controlled testing environment

General Topics:

  • Web Security Testing Foundations: Web Fundamentals and Client-Side Technology, Web Architecture and Client-Side Storage, Web Interception and Reconnaissance Techniques
  • Web Vulnerability Exploitation: Vulnerability Foundations and Injection Attacks, Server-Side Exploitation and File System Attacks, HTTP Security and Configuration Flaws
  • Web Application Penetration Testing: Web Logic and Authentication Testing, Authorization and Access Control Exploitation, Professional Assessment and Reporting
Instruction & Assessment

Instructional Strategies:

  • Audio Visual Materials
  • Case Studies
  • Computer Based Training
  • Laboratory
  • Practical Exercises
  • Work-based Learning
  • Performance Rubrics (Checklists)
  • Facilitation Weekly - Optional

Methods of Assessment:

  • Case Studies
  • Examinations
  • Performance Rubrics (Checklists)
  • Presentations
  • Quizzes