MAN SEC WAPT Syllabus
SYLLABUS
What you will learn
The learning path covers workstation setup, including installation and configuration of Burp Suite with the Firefox web browser. Certificate installation and proxy configuration are covered so that newcomers can start pentesting immediately.
It covers a variety of pentesting tools and Burp extensions such as Turbo Intruder, Intruder File Payload Generator, SQLMap and many more.
The course closes out the learning path with pentesting advice, a path recap and a look at the final project.
Introduction
◯ Introduction to the course
◯ How to get the most out of the course
◯ Resources you will need for the course
◯ What is WAPT?

Introduction to Web-application
◯ What is a web application?
◯ History of Web-Applications
◯ Existing problems and challenges in present web applications
◯ Overview of web application defences

Basics
◯ How a web application works
◯ Architecture of web applications
◯ Basics of HTML, CSS and JavaScript
◯ Basics of any server-side language (PHP/J2EE/ASP.NET)

HTTP Protocol
◯ Overview of RFC 2616
◯ HTTP Messages & Entities
◯ HTTP Request, HTTP Response
◯ HTTP Status Codes
◯ Various types of encoding schemes

Web servers and clients
◯ IIS Server, Apache Server and Other

Reconnaissance
◯ Footprinting Domain details (whois) - Technicalinfo.net
◯ OS and Service fingerprinting – Netcraft.com, Banner grabbing, httprint
◯ Google hacking
◯ Load balancer Identification
◯ Spidering a web site (wget, Burp Spider)

Server-side and Client-side security controls
◯ Input Validation & Output validation (encoding)
◯ Insufficient input & output validations
◯ Validation approaches
◯ Bypass Server-side validations

Mastering Burp Suite
◯ Introduction to Burp Suite
◯ Configuring Burp Suite
◯ Burp Proxy, Burp Spider, Burp Intruder, Burp Repeater, Burp Sequencer

Injections
◯ SQL Injection, Blind SQL Injection, Command Injection, LDAP Injection, XPATH Injection, Other Injections
◯ Implications of Injections
◯ Test methodology for injections
◯ Remediation

Cross-site Scripting