Application Security & Penetration Testing Training

OWASP Top 10 Vulnerabilities

Injection: SQL Injection, OS Command Injection, Second Order SQL Injection, Injection Remediation.

Broken authentication: Predictable login credentials; user authentication credentials that are not protected when stored; session IDs exposed in the URL; session IDs vulnerable to session fixation attacks; session values that do not time out or get invalidated after logout; session IDs that are not rotated after successful login; passwords, session IDs and other credentials sent over unencrypted connections; Session Fixation; Session Hijacking.

Sensitive data exposure: Banking information (account numbers, credit card numbers), health information, personal information (SSN/SIN, date of birth, etc.), user accounts/passwords.

Broken access control: Bypassing access control checks by modifying the URL, internal application state or the HTML page, or simply using a custom API attack tool; allowing the primary key to be changed to another user's record, permitting viewing or editing someone else's account; elevation of privilege, i.e. acting as a user without being logged in, or acting as an admin when logged in as a user; an access control token, cookie or hidden field manipulated to elevate privileges, or abusing JWT invalidation; CORS misconfiguration allowing unauthorized API access; force browsing to authenticated pages as an unauthenticated user or to privileged pages as a standard user; accessing APIs with missing access controls for POST, PUT and DELETE.

Security misconfigurations: Incorrect folder permissions, use of default accounts or passwords, setup/configuration pages left enabled.

Cross-site scripting (XSS): Persistent/Non-Persistent XSS

Insecure deserialization: JSON Issues

Using components with known vulnerabilities: Finding vulnerabilities using exploit-db.

Insufficient logging and monitoring: Log collection, Log management, Log monitoring/analysis.

XML external entities (XXE): Usage of XML payloads and attacking the application.

Lab Setup: VMware Workstation, Kali Linux, XAMPP Server.

Practice Websites: bWAPP, PortSwigger Lab, OWASP Juice Shop, and a few other labs to practice on.

Tools: Burp Suite, Nessus, Veracode, IBM AppScan, GitHub tools, Qualys Web Application Scanning, OWASP ZAP, netcat.

Research: Medium.com, Exploit-DB, Hacking Articles.

Bug Bounty Websites: Bugcrowd, HackerOne, Intigriti.