(WAPT) Web Application Penetration Testing

Transcription

1 (WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1: Introduction To Web-application 1. What is web application? 2. History of Web-Applications 3. Existing problems and challenges in present web applications 4. Overview of web application defenses Module 2: Basics 1. How a web application works 2. Architecture of web applications 3. Basics of HTML 4. Basics of CSS 5. Basics of Javascript 6. Basics of any server-side language (PHP/J2EE/ASP.NET) Module 3: HTTP Protocol 1. Overview of RFC HTTP Messages & Entities 3. HTTP Request 4. HTTP Response 5. HTTP Status Codes 6. Various types of encoding schemes Module 4: Web servers and clients 1. IIS Server 2. Apache Server 3. Other Servers 4. Browsers 5. Browser s same origin policy 6. Other Web enabled Clients

2 Module 5: Server-side and Client-side security controls 1. Input Validation 2. Output validation (encoding) 3. Insufficient input & output validations 4. Validation approaches White list approach Black list approach 5. Bypass thin/thick(decompile) client validations Flash Java 6. Leveraging Ajax and web 2.0 in attacks 7. Bypass Server-side validations Module 6: Mastering Burp suite 1. Introduction to burp suite 2. Configuring burp suite 3. Burp proxy 4. Burp Spider 5. Burp Intruder 6. Burp Repeater 7. Burp Sequencer Module 7: Injections 1. SQL Injection 2. Blind SQL Injection 3. Command Injection 4. LDAP Injection 5. XPATH Injection 6. SOAP Injection 7. File Includes 8. Other Injections 9. Implications of Injections 10. Test methodology for injections 11. Remediations Module 8: Cross-site Scripting 1. Reflected XSS 2. Stored XSS 3. DOM XSS 4. Implications of XSS 5. Test Methodology for XSS

3 6. Remediations Module 9: Cross-site Request Forgery 1. CSRF with GET method 2. CSRF with POST method 3. Implications of CSRF 4. Test methodology for CSRF 5. Remediations Module 10: Authentication testing 1. Introduction to Authentication 2. Guessable Passwords 3. Failure Messages 4. Brute forcing login 5. Plain text password transmission 6. Improper implementation of forgot password functionality 7. Remember Me Functionality 8. Guessable User names 9. Multi factor authentication flaws 10. Fail-Open Login Mechanisms 11. Insecure Storage of Credentials 12. Remediations Use Strong Credentials Transmit the credentials securely Log, Monitor, and Notify Module 11: Authorization testing 1. Introduction to authorization 2. Implementation weaknesses in authorization 3. Horizontal privilege escalation 4. Vertical privilege escalation 5. URL, Form, cookie based escalation Module 12: Types of web application security testing 1. Black box testing 2. White box tesing 3. Grey box testing 4. Vulnerability Assessment vs Penetration testing 5. Web application penetration test scope and process 6. Legalities of the VAPT

4 Module 13: Reconnaissance 1. Foot printing Domain details (whois) - Technicalinfo.net 2. OS and Service fingerprinting Netcraft.com, Banner grabbing, HTTPprint 3. Google hacking 4. Load balancer Identification 5. Spidering a web site (wget, Burp spider) 6. Application flow charting 7. Relationship analysis within an application 8. Software configuration discovery Module 14: SSL & Configuration testing 1. Testing SSL / TLS cipher 2. Testing SSL certificate validity client and server 3. Infrastructure and Application Admin Interfaces 4. Testing for HTTP Methods and XST 5. Testing for file extensions handling 6. Old, Backup and Unreferenced Files 7. Application Configuration Management Testing Module 15: Session Management testing 1. Need for session and state 2. Ways to implement state 3. how session state work 4. What are cookies 5. Common Cookies and Session Issues Attacks on Cookies and Session Session hijacking Session Fixation Session replay 4. Man in the middle Cookie / session security Http only X-Frame-option Use of SSL Module 16: Brute force web applications 1. Brute force authentication 2. Brute force Authorization 3. Brute force web services 4. Brute force web server 5. Brute force.htaccess

5 Module 17: Parameter Manipulation 1. Query string manipulation 2. Form field manipulation 3. Cookie manipulation 4. HTTP header manipulation Module 18: Other Attacks 1. Sniffing 2. Phishing 3. Vishing 4. D(D)OS Attacks 5. Unvalidated Redirects and Forwards Module 19: Samurai WTF 1. Introduction to Samurai WTF 2. Various Tools in Samurai WTF 3. Nikto 4. w3af 5. BeEF Framework 6. Fuzzing and JBroFuzz 7. DirBuster 8. Netcat 9. Brutus and Hydra 10. Overview of various Proxies (zed, rat, paros, webscarab) Module 20: Firefox security Add-ons 1. Tamper Data 2. SQL inject me 3. XSS me 4. Firebug 5. Live HTTP headers 6. Foxy Proxy 7. Web Developer Module 21: Automated Scanners 1. Acunetix 2. IBM App Scan 3. Burp Scanner 4. Effectiveness of Automated tools 5. Reduction of False positives and false Negatives

6 Module 22: VAPT Methodologies: 1. OWASP 2. SANS WAHH 4. OWASP Check-list Module 23: Reporting 1. Importance of documentation 2. OWASP Risk rating methodology 3. Creating managerial, technical VAPT reports 4. Open reporting standards