Complete Web Application Penetration Testing Practical C|WAPT

0
50
Complete Web Application Penetration Testing Practical C|WAPT

Complete Web Application Penetration Testing Practical C|WAPT, Learn 100% Hands-On Real World Practical Approach!! Hack Websites Like PRO and protect your Company from Cyber Attacks.

Hello everyone..!!

Welcome to the CWAPT i.e. the Complete Web application Penetration Testing Practical Course. My name is DEBAYAN DEY and I will be your Instructor for the CWAPT Course.

Now, this course is designed for anyone interested in learning how an attacker attack and get the information from the website by exploiting various vulnerabilities available.

CWAPT is designed by keeping in mind that most of us are having laptops or computer machine to work for most of the time and in a survey, we came up with the answer that most of the Computer users are very much interested in Learning how Web Application Penetration Testing works and what is the process in which we use penetration testing and security skills to find different vulnerabilities in web applications. As we all know, websites and web servers play an important role in every modern organization, That’s why in this course curriculum, Only you need a computer device and this entire course is 100% practical based! isn’t this amazing ??? and everything will be explained in-depth, followed by reading materials and quizzes which will give you a boost in the field of Ethical Hacking!!! so all in one, you just require a computer device and turn it into a powerful ethical hacking machine.

A little brief about my name, I am a Certified Secure Computer User (CSCU) v2 and Certified Ethical Hacker (CEH V10) from EC COUNCIL

also, I am certified Google IT support from Google, and currently doing micromaster in the Field of Cyber Security from Rochester institute of technology (RIT) New York in edx.

here are a few of my other accomplishments in the field of cybersecurity,

  • Introduction to Cyber Attacks, New York University
  • introduction to Cybersecurity for business, University of Colorado System
  • Palo Alto Networks academy cybersecurity foundation, Palo alto networks
  • International cyber conflicts, The State University of New York
  • Cyber Attacks Countermeasures, New York University
  • Networking and Security Architecture with Vmware NSX
  • Enterprise System Management and security, University of Colorado System

Rest we’ll have a meet and greet section to know other Learners …!!!

so what’s there in this CAEHP COURSE?

First of all, I would love to tell you, that this course is not limited to time. you may see 4 or 5 sections today, once you land in this course after few weeks, you’ll see more sections and videos are added up. so this is the advantage of taking this course that you’ll get regular updates about the new features and attacks and how you, as a person as well as an organization or company can prevent such an attack.

The web application penetration testing key outcome is to identify security weaknesses across the entire web application and its components (source code, database, back-end network). It also helps in prioritizing the identified vulnerabilities and threats, and possible ways to mitigate them.

so keeping these outcomes in mind, in the 1st section of the CWAPT course,

you’ll come across the setting up the lab environment wherein you’ll download N install virtual box, then Kali Linux 2020, and the entire configuration.

  • Meet and Greet !!!
  • Downloading and installation of virtual box
  • Understanding of what is Virtual Machine
  • The download of Kali Linux Virtual Box image
  • Installation of Kali Linux 2020
  • Booting up kali in a virtual box for the 1st time
  • Default login and update and upgrade
  • Full Screen and understanding FSH i.e. File System Hierarchy
  • and much more with Reading Materials and Quizzes ..!!

in the 2nd section,

we will come across various commands used in Kali Linux and we’ll get familiar with our Hacking machine. this section is very important as you’ll be understanding the basic commands which we will be using in our course, so make sure you understand this section very clearly.

  • Basic Linux command who am i
  • Basic Commands su and PWD
  • Basic command ls touch nano
  • Basic command cat cp mkdir
  • Basic Command mv and rm
  • System and User Commands
  • Network commands
  • Add New User with full sudo Permission
  • How to delete a user using command line
  • and much more with Reading Materials and Quizzes ..!!

The next section, i.e. our 3rd Section will cover DVWA.

What is  DVWA?

DVWA is a DAMM VULNERABLE WEB APP coded in PHP/MYSQL. Seriously it is too vulnerable. In this app security professionals, ethical hackers test their skills and run these tools in a legal environment. It also helps web developers better understand the processes of securing web applications and teachers/students to teach/learn web application security in a safe environment.

  • What is DVWA
  • XAMPP Theory and Installation
  • DVWA download Install and configuration with XAMPP
  • Command Injection Low, Medium, and High Security
  • File Inclusion Low, Medium, and High Security
  • File Upload  Low, Medium, and High Security
  • XSS DOM Low, Medium, and High Security
  • XSS Reflected Low, Medium, and High Security
  • XSS Stored Low, Medium, and High Security
  • and much more with Reading Materials and Quizzes ..!!

DVWA aims to practice some of the most common web vulnerabilities, with various difficulty levels.

We gonna learn what is DVWA used for, we’ll use XAMP and understand its working.

As the name suggests DVWA has many web vulnerabilities. Every vulnerability has four different security levels, low, medium, high and impossible. The security levels give a challenge to the ‘attacker’ and also show how each vulnerability can be counter-measured by secure coding.

We’ll cover command injection, file inclusion, file upload various cross-site scripts, we will come across burp suite and much more

So every month, you’ll get regular updates in this DVWA section.

Coming to our 4th section, we will work with OWASP MUTILLIDAE.

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web-application providing a target for web-security enthusiasts. it Has over 40 vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007, 2010, 2013, and 2017.

  1. Download and install Mutillidae II
  2. Root access denied fixed
  3. SQL Injection
  4. SQL Injection Re explained
  5. SQL injection with SQL MAP
  6. How to solve show hints in security level 5 challenge
  7. How to scan a web server using NIKTO
  8. XSS in Mutillidae Theory and Practical
  9. DOM-based XSS Explanation
  10. Reflected XSS
  11. Stored XSS
  12. BEEF Framework
  13. and much more with Reading Materials and Quizzes ..!!

So from a variety of 40 vulnerabilities, 1st we gonna cover, SQL injection, SQL map, how to solve security level challenges, we’ll learn how to scan web servers using Nikto, various XSS attacks, MORE Importantly, we will learn the usage of burp suite, and neef Framework, which is very essential to understand and learn from Website Penetration tester perspective and we have much more to cover in this section as well.

So every month, you’ll get regular updates in this Mutillidae section as well.

Coming to our next section, i.e. 5th Section, we have the OWASP JUICE shop.

OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security training, awareness demos, Ctfs, etc.

  1. What is OWASP Juice shop and installation of nodejs and npm
  2. OWASP juice shop up in running
  3. Finding the Score Board Level 1 Difficulty Challenge
  4. Zero Star Feedback Level 1 Difficulty Challenge
  5. Access Confidential Document Level 1  Difficulty Challenge
  6. DOM-based XSS Level 1 Difficulty Challenge
  7. Error Handling Level 1 Difficulty Challenge
  8. Missing Encoding Level 1 Difficulty Challenge
  9. Bonus Payload DOM XSS Level 1 Difficulty Challenge
  10. Exposed Metrics Level 1 Challenge
  11. Outdated WhiteList Level 1 Challenge
  12. Privacy Policy Level 1 Difficulty Challenge
  13. Repetitive Registration Level 1 Difficulty Challenge
  14. and much more to cover …!!!

Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

Currently, we are having 6 levels in owasp juice shop. we will start with level 1 and gradually increase our difficulty level.

We gonna cover, missing encoding, error handling security, confidential document, how to extract sensitive data, we’ll see how we can invade privacy policy, weird cryptographic issues, and much more.

So every month, you’ll get regular updates in the Owasp Juice Shop section as well.

So, by going through all these sections, you’ll be comfortable enough to understand how Web Application Penetration Testing works and with regular updates, you’ll be able to brush up your skills as well.

Plus you’ll have a bonus section as well which will guide you through various upcoming courses as well my Instagram page and youtube channel where you’ll get regular updates in the field of cybersecurity and travel and tourism across the globe.

So all the sections will cover Quizzes, Assignments, and Reading Materials.

Also, all the sections will be updated regularly and new sections will also be added up, so once you are enrolled in the course, you’ll surely gonna learn various techniques for how attackers attack and how we can save ourselves from getting attacked.

  • Most importantly, this course is completely for educational purpose
  • all the attacks which an attacker performs are demonstrated to you so that you understand the technology and the art behind it and you’re not fooled by any kind of social engineering.
  • This course is for educational and awareness purposes, to make everyone aware and be safe and protect your data.
  • It’s a request, please do not perform any illegal activities, Udemy and me ( Debayan Dey ) are not responsible for the illegal activities you perform.

Feel Free to Reach out at any point of time, I will be happy to help you, and if you face any PROBLEM, just post your DOUBTS, you will be Answered within 24hrs to 48hrs of time ..!!!!!

so, welcome to the world of Complete Web application Penetration Testing Practical Course.

ARE YOU EXCITED to learn 100% complete practical course and help your family, Organization and Company stay secured and safe from data theft and hackers?

wish you all the best !!!

Do follow our Instagram page and youtube channel for regular updates.

Wish you all the best…!!!

See you in the course landing page ….!!!!

Enroll Now

Previous articleShopify Guide: Start your own clothing brand with Shopify
Next articleShopify Bootcamp: Increase Your Sales and Conversion rate

LEAVE A REPLY

Please enter your comment!
Please enter your name here