Web Application Penetration Testing Training with Burp Suite

CyberFox Train’s Web Application Penetration Testing Training with Burp Suite is designed to provide participants with in-depth knowledge and practical skills to identify, exploit, and mitigate vulnerabilities in web applications. This comprehensive course covers advanced techniques and tools, focusing on the powerful Burp Suite platform, to help you become proficient in web application security testing.

What You Will Learn:

• Introduction to Web Application Security
  • Understanding web application architecture and components
  • Common web vulnerabilities (OWASP Top 10)
• Setting Up the Testing Environment
  • Installing and configuring Burp Suite
  • Setting up virtual labs and web application targets
• Burp Suite Essentials
  • Navigating the Burp Suite interface
  • Configuring Burp Suite for effective testing
  • Using Burp Suite tools: Proxy, Scanner, Intruder, Repeater, and more
• Information Gathering and Reconnaissance
  • Enumerating web applications and services
  • Identifying entry points and potential attack vectors
• Manual and Automated Testing Techniques
  • Exploiting SQL Injection, Cross-Site Scripting (XSS), and other common vulnerabilities
  • Using Burp Suite’s automated scanner for vulnerability assessment
  • Analyzing scanner results and prioritizing findings
• Advanced Testing Techniques
  • Performing session management and authentication testing
  • Exploiting advanced vulnerabilities: XML External Entity (XXE), Server-Side Request Forgery (SSRF), etc.
  • Conducting penetration tests on REST APIs and web services
• Reporting and Mitigation
  • Documenting findings and creating detailed penetration testing reports
  • Recommending remediation measures and security best practices
• Real-World Scenarios and Hands-On Labs
  • Practicing on live web applications and custom-built labs
  • Simulating real-world attack scenarios and defensive strategies

Who Should Attend:

• Security professionals and ethical hackers looking to enhance their web application testing skills
• Web developers and IT professionals responsible for web application security
• Penetration testers and cybersecurity enthusiasts aiming to specialize in web application security

Prerequisites:

• Basic understanding of web application architecture and common vulnerabilities
• Familiarity with HTTP, HTML, and web technologies
• Prior experience with penetration testing tools and techniques is beneficial but not mandatory

Course Duration:

• 5 Days (40 Hours)

Certification:

• Upon successful completion of the course, participants will receive a certificate of completion from CyberFox Train, demonstrating their expertise in web application penetration testing with Burp Suite.

Benefits:

• Gain hands-on experience with Burp Suite, the leading web application security testing tool
• Learn from industry experts with real-world experience in web application security
• Enhance your career prospects in the field of cybersecurity and penetration testing
• Equip yourself with the skills to protect web applications from evolving cyber threats

Course Content:

1. Web Application Assessment

• Introduction to web application security
• OWASP Top 10 Vulnerabilities and other common web application vulnerabilities
• Understanding the testing methodology
• Threat Modelling Principle
• Site Mapping & Web Crawling
• Server & Application Fingerprinting
• Identifying the entry points
• Page enumeration and brute forcing
• Looking for leftovers and backup files

 

2. Burp Suite

• Introduction to Burp Suite:
• What is Burp Suite
• Burp suite Setup LAB and How to Burp suite
• CA Certificate Installation
• Proxy Setting
• HTTP History including raw and hex, request and response
• Methods: GET, PUT, OPTIONS, DELETE
• Request & Response Method in Repeater Mode
• Burp Suite Dashboard
• Spider Process
• Scanner Process
• Intruder Process.
• Render Process
• Comparer process
• Request attributes, request cookies and request headers
• Engagement tools and generating its equivalent POC report
• Passive scanning and active scanning
• Sniper Live Example
• Battering Ram Live Example
• Pitchfork Live Example
• Cluster Bomb Live Example

 

3. Introduction to Brute Force Technique

• Introduction to Brute Force Technique
• Introduction to wordlist
• Introduction to Dictionary
• Brute Force Technique on Username & Password
• Brute Force Technique on Social Sites
• CAPTCHA Brute Force

 

4. Introduction to Rate Limit

• Introduction to Rate Limit
• How to identify Rate Limit
• Why we use Rate Limit
• Live Example with Burpsuite
• No Rate Limiting on Form Registration
• No Rate Limiting on Form Login
• No Rate Limiting on Form Email-Triggering
• No Rate Limiting on Form SMS-Triggering

 

5. Introduction to Cross Site Scripting XSS

• Introduction to Cross Site Scripting XSS and Its Payload.
• Types of XSS and Its Differences
• Basic Payloads for XSS On Live Site.
• Manually Hunting for XSS On Website Search Engine & Live Reporting
• Manually Hunting for XSS On Website Contact Page & Live Reporting
• Manually Hunting for XSS On Website Internal URLs & Live Reporting
• Manually Hunting for XSS On Chat Box & Live Reporting
• Manually Hunting for XSS On Website Sub-Domains & Live Reporting
• Introduction to Open Bug Bounty & Live Reporting & Live Reporting
• Introduction & Reporting Format for NCIIPC & Live Reporting
• Burp suite Setup LAB and How to Burp suite
• XSS through Burp- Suite by using XSS Payloads & Live Reporting
• Introduction to Get Base XSS & Live Reporting
• Introduction to Post Base XSS & Live Reporting
• Introduction to Sanitization Process
• How to use Image Payload on behalf of SVG & Basic Payloads

 

6. Advance Level Cross Site Scripting (XSS)

• Introduction to Polyglot XSS
• Introduction to XSS Hunter
• XSS using HTML Injection
• Introduction to Mouse Base XSS
• Introduction to Common WAF Bypass via method change
• Introduction to Bypass email filter
• Data grabber for XSS (cookie exploitation leads to HttpOnly flag)
• UI redressing Leverage displays a fake login form.
• Domain exploitation
• Url redirection through xss
• Reflected iframe attack
• Stored iframe attack
• HTML Exploitation through XSS
• Complex Password should be enabled
• Long Password DOS Attack and its Reporting

 

7. Local File Inclusion (LFI)

• Local File Exploitation and its Reporting
• LFI Leads to Path Traversal Exploits for Root
• Exploitation of LFI through Manually
• Exploitation of LFI through Burp Suite

 

8. RFI

• Introduction to RFI File Exploit

 

9. Parameter Tampering

• Introduction to Parameter Tampering

 

10. Open File Exploit

• Git File Exploitation and its Reporting
• Server open File Upload Exploitation for website and its Reporting
• Server Database Exploitation and its Reporting
• What is google dorking
• Google dorking methodologies
• Introduction to Injection & its types
• Simple Host Header Injection
• Double Host Header Injection
• X-Forwarded Host Header Injection
• Host-Header Poisoning Attack on forget password
• Origin Host Header Injection

 

11. CORS Attack

• Introduction to (CORS) Cross-Origin Resource Sharing Configuration
• Types of CORS and Its methods
• Exploitation of CORS through Curl Commands
• Trusting Pre-domain Wildcard as Origin in CORS Exploits
• Mitigation for CORS Attack

 

12. HTML Injection

• HTML Injection and Its Payloads
• Injecting Point for HTML Injection
• Reflected HTML Injection
• Stored HTML Injection

 

13. Server Security Misconfiguration

• Mail Server Misconfiguration Email Spoofing to Inbox : Missing or Misconfigured DMARC on Email Domain using (kitterman.com/spf/validate.html, mxtoolbox.com)
• Clipboard Enabled On Sensitive Content
• Directory Listing Enabled Non-Sensitive Data Exposure
• Directory Listing Enabled Sensitive Data Exposure
• Lack of Password Confirmation Change Email Address
• Lack of Password Confirmation Change Password
• Lack of Password Confirmation Manage 2FA
• Exposed Admin Portal To Internet
• Fingerprinting/Banner Disclosure (curl -I https://example.com)
• Username Enumeration Brute Force
• Potentially Unsafe HTTP Method Enabled OPTIONS
• Potentially Unsafe HTTP Method Enabled TRACE
• Lack of Security Headers X-Frame-Options
• Lack of Security Headers Cache-Control for a Non-Sensitive Page
• Lack of Security Headers X-XSS-Protection
• Lack of Security Headers Strict-Transport-Security
• Lack of Security Headers X-Content-Type-Options
• Lack of Security Headers Content-Security-Policy

 

14. CRLF Attack

• Introduction to CRLF Injection
• What is HTTP Response Splitting Vulnerability via CRLF Injection

 

15. CSRF ATTACK

• Introduction to Cross Site Request Forgery (CSRF) Injection
• What is the impact of CSRF
• Cross Site Request Forgery (CSRF) on logout or Profile Page
• Delete account – no password protected
• Add to cart
• Password change
• Disable 2fa
• Add to wishlist
• Remove from Wishlist
• Mitigation

 

16. Authentication vulnerabilities

• Authentication scenarios
• User enumeration
• Guessing passwords – Brute force & Dictionary attacks
• Default users/passwords
• Weak password policy
• Direct page requests
• Parameter modification
• Password flaws
• Locking out users
• Lack of SSL at login pages
• Bypassing weak CAPTCHA mechanisms
• Login without SSL

 

17. Authorization vulnerabilities

• Role-based access control (RBAC)
• Authorization bypassing
• Forceful browsing
• Client-side validation attacks
• Insecure direct object reference

 

18. Improper Input Validation & Injection vulnerabilities

• Input validation techniques
• Blacklist VS. Whitelist input validation bypassing
• Encoding attacks
• Directory traversal
• Command injection
• Code injection
• Log injection
• XML injection – XPath Injection | Malicious files | XML Entity
• Common implementation mistakes – authentication
• Bypassing using SQL Injection
• Cross Site Scripting (XSS)
• Reflected VS. Stored XSS
• Special chars – ‘ & < >, empty

 

19. SQL injection

• Introduction to SQL injection
• Types of SQL injection
• Impact of SQL injection
• SQL injection testing
• SQL injection using Cyberfox
• Encoding and Decoding scripts using SQL injection

 

20. Insecure file handling

• Path traversal
• Canonicalization
• Uploaded files backdoors
• Insecure file extension handling
• Directory listing
• File size
• File type
• Malware upload

 

21. Session & browser manipulation attacks

• Session management techniques
• Cookie based session management
• Cookie properties
• Cookies – secrets in cookies, tampering
• Exposed session variables
• Missing Attributes – httpOnly, secure
• Session validity after logoff
• Long session timeout
• Session keep alive – enable/disable
• Session id rotation
• Session Fixation
• Cross Site Request Forgery (CSRF)
• URL Encoding
• Open redirect

 

22. 2FA

• What is Authentication and Its Types
• Introduction to Two-Factor Authentication (2FA)
• Introduction to Multi-Factor Authentication (MFA)
• Second Factor Authentication (2FA) Bypass via OAuth 2.0 authentication vulnerabilities
• Weak 2FA Implementation,2FA Secret Cannot be Rotated
• Weak 2FA Implementation,2FA Secret Remains Obtainable After 2FA is Enabled
• Lack of Password Confirmation while Manage 2FA
• Failure to Invalidate Session On 2FA Activation/Change
• Bypass 2FA with server Request-Response Method change
• Bypass 2FA with proxy server code Change
• Mitigation for 2FA Attack

 

23. Missing Authentication Vulnerabilities & its Exploits

• What is Redirection and Why it is use in Website
• Impact of Redirection if it is not Handle Properly
• URL Redirection through manually and its Reporting
• URL Redirection through Burp suite and its Reporting
• URL Redirection through Referrer and its Reporting
• URL Redirection through Search Engine via Xframe and its Reporting
• URL Redirection reporting on Open Bug Bounty
• Mitigation for Redirection

 

24. Introduction to SSRF (Server-Side Request Forgery)

• External SSRF (ngrok)
• SSRF through Burp Suite Collaborator Client
• SSRF through Internal URL of Domain
• SSRF through Internal profile page Domain
• SSRF through Internal chat engine
• SSRF through comment box
• Mitigation for SSRF Attack

 

25. Referrer Vulnerabilities

• Token Leakage via Referrer Untrusted 3rd Party
• Token Leakage via Referrer Trusted 3rd Party
• Token Leakage via Referrer Over HTTP
• Http Only Flag (leads to document. Cookie)
• Missing Encryption of Sensitive Date

 

26. Sensitive Data Exposure

• EXIF Geolocation Data Not Stripped from Uploaded Images Manual User Enumeration
• Visible Detailed Error/Debug Page Detailed Server Configuration
• Sensitive Token in URL User Facing
• Weak Password Reset Implementation: Password Reset Token Sent Over HTTP
• Per cookie and post cookie same

 

27. Information Disclosure

• Information Disclosure through Text.
• Information Disclosure through JSON
• Information Disclosure through PHP Information
• Information Disclosure through XML
• Information Disclosure through Script
• Cross Domain Referer Leakage
• Cross Domain Script Include
• Email ID or Mobile Number Disclosed
• Credit Card Numbers Disclosed
• Username Enumerations Exploits
• Cross-Domain JavaScript Source File Inclusion

 

28. Broken authentication

• Cleartext Transmission of Session Token
• Weak Login Function Other Plaintext Protocol with no Secure Alternative
• Weak Login Function HTTP and HTTPS Available
• Failure to Invalidate Session on Logout (Client and Server-Side)
• Failure to Invalidate Session on Password Reset and/or Change
• Weak Registration Implementation Over HTTP

 

29. Clickjacking attack

• What is clickjacking attack
• Clickjacking Form Input
• Clickjacking non-sensitive and sensitive Action
• Sensitive based click action-p4 (delete account, enable/disable 2fa, remove phone number, credit card/debit number)