Web Sentinel: Advanced Penetration Testing Training

Introduction

Web application security is a prominent and rapidly evolving field within the realm of cybersecurity. Mastery of ethical hacking can only be achieved with the possession of a broad and well-practiced set of modern abilities. Enrol in this interactive, 1-day workshop to enhance your skills in web hacking and expand your professional opportunities. Engage in our renowned virtual laboratories and acquire practical knowledge from seasoned penetration testers who have a long-standing history of training across different industries.


  • Who Should Attend
    • The intended audience comprises college students, professors and academic scholars.
  • Key learning objectives
    • This course employs a Defence by Offence approach that is grounded in actual battles and offensive research, rather than just theoretical concepts. Every aspect of our teachings has undergone rigorous experimentation and evaluation in both real-world settings and controlled laboratory situations. This ensures that you can apply the knowledge acquired throughout the training immediately upon its completion. Upon completion of the course, you will possess knowledge in the following areas:

    • Strategies for adopting the mindset and conduct of a sophisticated, actual threat actor.
    • Methods for recognising frequently exploited vulnerabilities that have resulted in recent instances of harm and disruption.
    • Methods for implementing the most recent and prevalent web application exploits (including many innovative ways that are undetectable by scanning tools).
    • Methods for assessing vulnerabilities within your organisation and adapting hacking strategies accordingly.
  • Prerequisite Knowledge
    • Delegates must possess the following prerequisites in order to fully optimise their learning experience:

    • Proficient understanding of web application security.
    • Proficiency in standard command line syntax.
    • Proficiency in utilising virtual laboratories for penetration testing and/or offensive research
    • Fundamental proficiency in Burp Suite (https://portswigger.net/burp/communitydownload)
  • Utilities/Software Requirements
    • Burp Suite (available for download here: https://portswigger.net/burp/communitydownload)
  • System Requirements
    • Min 50 GB free Hard disk space and 8 GB RAM preferred.
  • Hardware Requirements
    • Working personal laptop with Windows 10/11 or Linux (Kali/Ubuntu) installed on the host machine.
    • No netbooks, no tablets and no corporate laptops, due to the restrictions enabled on them.

  • What Students will be provided
    • You will acquire practical knowledge through direct experience:

    • Dedicating the majority of the session (about 80%) to practical activities conducted in a laboratory setting.
    • Utilising laboratory-based methodologies to investigate and manipulate realistic web environments.
    • Experimenting with various hacking methodologies to exploit the OWASP Top 10 and other prevalent vulnerabilities.
    • Engaging in discussions with your course leader to comprehend the ramifications of the hacks that were addressed in the case studies.
  • Agenda
    Module 1: Introduction

    • Lab setup and case studies.
    • Burp Suite features recap.

    Module 2: OWASP TOP 10 vs OWASP Application Security Verification Standard (ASVS) High-level overview

    Module 3: EXTENSIBLE MARKUP LANGUAGE (XML) Attacks

    • XML Injection
    • XPATH Injection
    • XXE basic

    Module 4: DATA LEAKAGE USING OUT OF BAND EXPLOITATION (OOB) TECHNIQUES

    • ICMP Exfiltration
    • DNS Exfiltration using nc, cURL, wget, net.exe, telnet data leak over OOB
    • SQL injection data leak using OOB

    Module 5: BREAKING CLIENT SIDE CRYPTOGRAPHY

    • JS debugging and identifying encryption logic
    • Building an exploit to break client-side encryption
Ravikumar

Ravikumar is a HOD at Net Square, providing cutting-edge information security services to clients around the globe. He has an M.C.A. from UTU University. He has more than nine years of experience spanning web application development and information security. His work in bug hunting and responsible disclosure has placed him in the top 50 of the Google Vulnerability Reward Program, and also includes Microsoft, Apple, Oracle and many more. He has been performing web application, iOS and Android pentests and leads Net Square’s professional services team. Ravikumar has led the evolution of Net-Square's capability from doing application architecture audits to application pen testing to performing hybrid attack testing, which also includes red teaming.


Nikunj

Mr. Nikunj Sapara is a Security Analyst at Net Square. With a BCA degree from Saurashtra University and an M.Sc. in Cyber Security & Cyber Law from Marwadi University, Rajkot, he brings a wealth of knowledge to the field. He is proficient in web, mobile application and network testing.