Detailed Course Outline
Day 1
Information gathering, profiling and cross-site scripting
- Understand the HTTP protocol
- Identify the attack surface
- Username enumeration
- Information disclosure
- Issues with SSL / TLS
- Cross-site scripting
- Cross-site request forgery
Day 2
Injection, flaws, files and hacks
- SQL injection
- XXE attacks
- OS code injection
- Local / remote file include
- Insecure file uploads
- Cryptographic weakness
- Business logic flaws