This course provides a broad introduction to the security of web systems. It then covers penetration testing techniques for web applications and later moves on to cloud security and forensic techniques. Every module is followed by hands-on practice. At the end of this course, the student will be able to test web applications and propose remediation for the issues identified.
COURSE LEARNING OUTCOMES (CLO)
CLO: 1. Learn and recognize the different approaches to security testing of web applications.
CLO: 2. Learn how to suggest remediation for vulnerabilities found in web applications.
CLO: 3. Apply web application security testing knowledge to web applications and websites in a real-world environment.
• Basic introduction to the course and the agenda. Introduction to web security and basic terminology
• Basics of penetration testing, its types and scope. Web architecture, web application architecture
• Web security structure. Kali Linux and DOJO environment setup
• Basic testing on Kali Linux, including DNS zone transfers and directory traversal. theHarvester and Nmap introduction and practice
• Metasploit and related activities, antivirus evasion and techniques. OWASP Top 10 vulnerabilities in web applications
• OWASP Top 10 vulnerabilities continued
• Vulnerability assessment using automated tools: sqlmap, Nikto, OWASP ZAP, Vega, Nessus
• Practice on DOJO, traffic interception using WebScarab. SSL/TLS and its implementation with encryption techniques. Session security
• Session security continued. Introduction to Burp Suite and its components. Burp Suite hands-on practice
• Security policies, standards, segregation of roles
• Firewalls and their purpose, IDS and their purpose. Physical security and authentication (RADIUS, OTP)
• Reporting, incident response. Incident response on a scenario
• Introduction to digital forensics. Forensics in web environments and its challenges
• Cloud computing. Cloud security
• Overview of complete web testing and reporting