Module 1: Introduction to WAPT

Module 2: Setting Up the Environment

Step-by-step guide to installing Burp Suite.

Configuration and customization of Burp Suite for web application testing.

Introduction to intentionally vulnerable web applications (NebLab, and OWASP WebGoat).

Module 3: Basic Concepts of Web Application Testing

Understanding the fundamentals of HTTP and HTTPS

Exploring HTTP methods, headers, and responses.

Overview of common web application architectures.

Identifying key components in web applications.

Identifying key components in Server and Vulnerabilities

Module 5: Authentication Testing

Introduction to Password Policies Assessment

Verifying Password Strength and Complexity

Password Cracking Techniques and Countermeasures

Evaluating MFA Implementation

Bypassing Weak MFA Configurations

Module 6: Authorization Testing

Access Controls Assessment Fundamentals

Identifying and Exploiting Insecure Direct Object References (IDOR)

Misconfigurations Leading to Authorization Bypass

Session Management Exploitation

Session Fixation and Hijacking

Session Timeout and Token Manipulation

Module 7: Input Validation Testing

SQL Injection Fundamentals

Manual Techniques for SQL Injection

Automated Tools (e.g., SQLMap) for Exploitation

Introduction to Cross-Site Scripting (XSS) Exploitation

Crafting and Exploiting XSS Payloads

Module 8: Security Misconfigurations

Introduction to Misconfiguration

Identifying Misconfigurations

Exploiting Misconfigurations for Unauthorized Access

Assessing Web Server, Application Server, and Database Server Configurations

Module 9: Cross-Site Request Forgery (CSRF) Testing

8.1 Understanding CSRF Attacks

Crafting and Executing CSRF Attacks

Countermeasures to Protect Against CSRF

Module 10: Security Headers Assessment

Importance of Security Headers

Analyzing and Identifying Missing or Misconfigured Headers

Exploiting Security Header Vulnerabilities

Module 11: Data Security Assessment

Analyzing Data Handling Practices

Encryption in Transit (SSL/TLS) and At Rest

Assessing Secure Data Storage

Apendix

Introduction to Web Application Penetration Testing (WAPT).

Welcome to the Offensive Security course on Web Application Penetration Testing (WAPT). In this course, we delve into the world

You are unauthorized to view this page.

Offensive Web Application Penetration Testing - OWAPT

Introduction to Web Application Penetration Testing (WAPT).