1. Basics of Information Security and Computer Networking
  • Introduction to Information Security
  • Hacking Methodologies and Security Auditing
  • Computer Networking
  • IP addressing and NAT
  • The Google Maps of the Internet
  • Ports and Services
  • Protocols, TCP/IP and OSI Model
  • Proxy and VPN
2. Information Gathering and Basics of Web Development
  • Digital Footprints and Information Gathering
  • Advanced Information Gathering about People and Websites
  • Google Dorking- Hacking using Google
  • Introduction to Web Architecture and Understanding Common Security Misconceptions
  • HTML Basics
  • HTML and Introduction to Javascript
  • Introduction to PHP and Setting up XAMPP
  • Putting Brains into Beauty- Working with PHP
  • Handling User Input and Building Basic Applications using PHP
3. Introduction to Web VAPT, OWASP and SQL Injections
  • Introduction to VAPT and OWASP
  • Basics of Databases and SQL
  • Authentication Bypass using SQL Injection
  • GET based SQL Injection- Part 1
  • GET based SQL Injection- Part 2
  • POST based SQL Injection- Part 1
  • POST based SQL Injection- Part 2
  • Advanced SQL Injections
  • Automating SQL Injections- SQL Map
4. Advanced Web Application Attacks
  • Bypassing Client Side Filters using Burp Suite
  • IDOR and Rate-limiting issues
  • Arbitrary File Upload Vulnerabilities
5. Client Side Attacks
  • Understanding Important Response Headers, DOM, and Event Listeners
  • Fundamentals of Cross Site Scripting (XSS)
  • Understanding Forced Browsing and Session-Cookie Flaws
  • Cross Site Request Forgery (CSRF) and Open Redirections
  • Dictionary Based Brute Force Attacks
  • Logical Brute Force Attacks
  • Personally Identifiable Information (PII) Leakage and Sensitive Information Disclosure
6. Identifying Security Misconfigurations and Exploiting Outdated Web Applications
  • Common Security Misconfigurations
  • Default/Weak Password Vulnerabilities
  • Fingerprinting Components with Known Vulnerabilities
  • Scanning for Bugs in WordPress and Drupal
  • Using Public Exploits
7. Automating VAPT and Secure Code Development
  • Information Gathering for Endpoints
  • Application Assessment using Nmap
  • Automating VAPT with Nikto and Burp Suite Pro
8. Documenting and Reporting Vulnerabilities
  • Documenting Stages of Vulnerabilities Using Tools
  • VAPT Reports: Developer Report vs. Higher Management Report
  • Concepts of Code Security and Patching
  • Parts of a VAPT Report
  • Common Good Practices and Bad Practices
9. The Final Project