Module 1: Tools for the Web Assessor
- Overview: This module introduces essential tools used for web application security assessments.
- Topics Covered:
- Overview of web assessment tools such as Burp Suite, OWASP ZAP, and Nikto.
- Techniques for setting up and configuring these tools for effective testing.
- Automating scans and customizing tools for specific assessment needs.
- Hands-on labs for practicing with web assessment tools.
Module 2: Cross-Site Scripting (XSS) Introduction, Discovery, Exploitation and Case Study
- Overview: Detailed exploration of XSS vulnerabilities, from discovery to exploitation.
- Topics Covered:
- Introduction to XSS: Reflected, Stored, and DOM-based XSS.
- Techniques for discovering XSS vulnerabilities.
- Crafting payloads for exploiting XSS vulnerabilities.
- Case studies demonstrating real-world XSS attacks and defenses.
- Hands-on labs for identifying and exploiting XSS vulnerabilities.
Module 3: Cross-Site Request Forgery (CSRF)
- Overview: Understanding and exploiting CSRF vulnerabilities to perform unauthorized actions.
- Topics Covered:
- Fundamentals of CSRF and its impact on web applications.
- Techniques for discovering and exploiting CSRF vulnerabilities.
- Methods for crafting CSRF exploits.
- Defenses and mitigation strategies against CSRF attacks.
- Practical exercises for exploiting CSRF vulnerabilities.
Module 4: Exploiting CORS Misconfigurations
- Overview: Identifying and exploiting misconfigurations in Cross-Origin Resource Sharing (CORS) to gain unauthorized access.
- Topics Covered:
- Understanding CORS and its role in web security.
- Techniques for discovering CORS misconfigurations.
- Methods for exploiting CORS vulnerabilities.
- Real-world examples of CORS exploitation.
- Hands-on labs for practicing CORS exploitation.
Module 5: Database Enumeration
- Overview: Techniques for enumerating databases to gather sensitive information.
- Topics Covered:
- Fundamentals of database enumeration.
- Tools and techniques for discovering and enumerating databases.
- Methods for extracting sensitive data from databases.
- Practical exercises for database enumeration.
Module 6: SQL Injection (SQLi)
- Overview: In-depth study of SQL injection vulnerabilities, from discovery to exploitation.
- Topics Covered:
- Introduction to SQL injection: types and impact.
- Techniques for discovering SQL injection vulnerabilities.
- Crafting and executing SQL injection payloads.
- Advanced SQL injection techniques.
- Case studies and hands-on labs for exploiting SQL injection vulnerabilities.
Module 7: Directory Traversal
- Overview: Understanding and exploiting directory traversal vulnerabilities to access unauthorized files.
- Topics Covered:
- Fundamentals of directory traversal.
- Techniques for discovering and exploiting directory traversal vulnerabilities.
- Methods for accessing sensitive files using directory traversal.
- Practical exercises for exploiting directory traversal vulnerabilities.
Module 8: XML External Entity (XXE) Processing
- Overview: Exploiting XXE vulnerabilities to interfere with XML processing and extract data.
- Topics Covered:
- Introduction to XXE and its impact on web applications.
- Techniques for discovering and exploiting XXE vulnerabilities.
- Methods for crafting XXE payloads.
- Real-world examples and hands-on labs for exploiting XXE vulnerabilities.
Module 9: Server-Side Template Injection (SSTI)
- Overview: Identifying and exploiting SSTI vulnerabilities to execute arbitrary code on the server.
- Topics Covered:
- Fundamentals of SSTI and its impact.
- Techniques for discovering SSTI vulnerabilities.
- Crafting payloads for exploiting SSTI.
- Case studies and practical exercises for exploiting SSTI vulnerabilities.
Module 10: Server-Side Request Forgery (SSRF)
- Overview: Exploiting SSRF vulnerabilities to interact with internal systems and services.
- Topics Covered:
- Understanding SSRF and its implications.
- Techniques for discovering and exploiting SSRF vulnerabilities.
- Methods for crafting SSRF payloads.
- Real-world examples and hands-on labs for SSRF exploitation.
Each module is designed to provide a comprehensive understanding of various web application vulnerabilities and their exploitation techniques, along with practical, hands-on experience to reinforce learning.
Note: The topics listed above are only a short outline of the syllabus. If you feel that we have missed any subject, you can come to us and learn it, or simply call us to confirm.
Call 8010911256 | 8485846227. WebAsha provides the best online [Live Interactive Class] and classroom, practical, hands-on OffSec Web Assessor (OSWA) training and certification in Pune and nearby areas. Get course details, certification cost, fees, syllabus, duration, batch timings, exam preparation, and workshops in Pune, Mumbai, Delhi NCR, Noida, Gurugram (Gurgaon), Hyderabad, Bengaluru (Bangalore), India, UK, USA, UAE, Dubai, Singapore, and Australia.