Web Application Penetration Testing Training with Burp Suite

Course Overview:

The Web Application Penetration Testing Training with Burp Suite is an advanced cybersecurity course offered by Cyberfox Train, the leading cybersecurity training and certification provider in Bangladesh. This comprehensive course is designed to equip participants with the skills and knowledge required to identify and address vulnerabilities in web applications using the powerful penetration testing tool, Burp Suite. Through hands-on exercises and real-world scenarios, students will gain practical experience in assessing the security of web applications and mastering techniques to defend against potential cyber threats.

Methodology:

The training course follows a practical and interactive approach, focusing on a combination of theory and hands-on exercises. Participants will learn through live demonstrations, guided labs, and interactive discussions led by experienced cybersecurity experts. The course will be conducted in a workshop-style format, enabling students to apply their newly acquired skills in a controlled environment and gain confidence in executing web application penetration tests effectively.

Target Audience:

This course is ideal for aspiring cybersecurity professionals, web developers, system administrators, network security engineers, and anyone interested in enhancing their web application security assessment capabilities. Basic knowledge of networking, web technologies, and cybersecurity concepts is recommended, but not mandatory, as the course covers essential fundamentals as well.

Course Benefits:

1. In-depth Understanding: Gain a profound comprehension of web application security vulnerabilities and attack vectors commonly exploited by cybercriminals.
2. Practical Hands-on Experience: Acquire practical skills through guided labs and hands-on exercises using Burp Suite, one of the most popular penetration testing tools.
3. Real-world Application: Learn to assess real-world web applications and identify security weaknesses that could lead to potential data breaches or cyber-attacks.
4. Industry-Relevant Techniques: Stay up-to-date with the latest methodologies and techniques for web application penetration testing.
5. Career Advancement: Enhance your cybersecurity skillset, making you a valuable asset to organizations seeking qualified professionals in web application security.
6. Certification: Receive a Cyberfox Train certification upon successful completion of the course, validating your expertise in web application penetration testing with Burp Suite.

Course Outline:

Web Application Assessment

• Introduction to web application security
• OWASP Top 10 Vulnerabilities and other common web application vulnerabilities
• Understanding the testing methodology
• Threat Modelling Principle
• Site Mapping & Web Crawling
• Server & Application Fingerprinting
• Identifying the entry points
• Page enumeration and brute forcing
• Looking for leftovers and backup files

Burp Suite

• Introduction to Burp Suite:
• What is Burp Suite
• Burp suite Setup LAB and How to Burp suite
• CA Certificate Installation
• Proxy Setting
• HTTP History including raw and hex, request and response
• Methods : GET, PUT, OPTIONS, DELETE
• Request & Response Method in Repeater Mode
• Burp Suite Dashboard
• Spider Process
• Scanner Process
• Intruder Process.
• Render Process
• Comparer process
• Request attributes, request cookies and request headers
• Engagement tools and generating its equivalent POC report
• Passive scanning and active scanning
• Sniper Live Example
• Battering Ram Live Example
• Pitchfork Live Example
• Cluster Bomb Live Example

Introduction to Brute Force Technique

• Introduction to Brute Force Technique
• Introduction to wordlist
• Introduction to Dictionary
• Brute Force Technique on Username & Password
• Brute Force Technique on Social Sites
• CAPTCHA Brute Force

Introduction to Rate Limit

• Introduction to Rate Limit
• How to identify Rate Limit
• Why we use Rate Limit
• Live Example with Burpsuite
• No Rate Limiting on Form Registration
• No Rate Limiting on Form Login
• No Rate Limiting on Form Email-Triggering
• No Rate Limiting on Form SMS-Triggering

Introduction to Cross Site Scripting XSS

• Introduction to Cross Site Scripting XSS and Its Payload.
• Types of XSS and Its Differences
• Basic Payloads for XSS On Live Site.
• Manually Hunting for XSS On Website Search Engine & Live Reporting
• Manually Hunting for XSS On Website Contact Page & Live Reporting
• Manually Hunting for XSS On Website Internal URLs & Live Reporting
• Manually Hunting for XSS On Chat Box & Live Reporting
• Manually Hunting for XSS On Website Sub-Domains & Live Reporting
• Introduction to Open Bug Bounty & Live Reporting & Live Reporting
• Introduction & Reporting Format for NCIIPC & Live Reporting
• Burp suite Setup LAB and How to Burp suite
• XSS through Burp- Suite by using XSS Payloads & Live Reporting
• Introduction to Get Base XSS & Live Reporting
• Introduction to Post Base XSS & Live Reporting
• Introduction to Sanitization Process
• How to use Image Payload on behalf of SVG & Basic Payloads

Advance Level Cross Site Scripting (XSS)

• Introduction to Polyglot XSS
• Introduction to XSS Hunter
• XSS using HTML Injection
• Introduction to Mouse Base XSS
• Introduction to Common WAF Bypass via method change
• Introduction to Bypass email filter
• Data grabber for XSS (cookie exploitation leads to HttpOnly flag)
• UI redressing Leverage displays a fake login form.
• Domain exploitation
• Url redirection through xss
• Reflected iframe attack
• Stored iframe attack
• HTML Exploitation through XSS
• Complex Password should be enabled
• Long Password DOS Attack and its Reporting

Local File Inclusion (LFI)

• Local File Exploitation and its Reporting
• LFI Leads to Path Traversal Exploits for Root
• Exploitation of LFI through Manually
• Exploitation of LFI through Burp Suite

RFI

• Introduction to RFI File Exploit
• Parameter Tampering
• Introduction to Parameter Tampering

Open File Exploit

• Git File Exploitation and its Reporting
• Server open File Upload Exploitation for website and its Reporting
• Server Database Exploitation and its Reporting
• What is google dorking
• Google dorking methodologies
• Introduction to Injection & its types
• Simple Host Header Injection
• Double Host Header Injection
• X-Forwarded Host Header Injection
• Host-Header Poisoning Attack on forget password
• Origin Host Header Injection

CORS Attack

• Introduction to (CORS) Cross-Origin Resource Sharing Configuration
• Types of CORS and Its methods
• Exploitation of CORS through Curl Commands
• Trusting Pre-domain Wildcard as Origin in CORS Exploits
• Mitigation for CORS Attack

HTML Injection

• HTML Injection and Its Payloads
• Injecting Point for HTML Injection
• Reflected HTML Injection
• Stored HTML Injection

Server Security Misconfiguration

• Mail Server Misconfiguration Email Spoofing to Inbox : Missing or Misconfigured DMARC on Email Domain using (kitterman.com/spf/validate.html, mxtoolbox.com)
• Clipboard Enabled On Sensitive Content
• Directory Listing Enabled Non-Sensitive Data Exposure
• Directory Listing Enabled Sensitive Data Exposure
• Lack of Password Confirmation Change Email Address
• Lack of Password Confirmation Change Password
• Lack of Password Confirmation Manage 2FA
• Exposed Admin Portal To Internet
• Fingerprinting/Banner Disclosure (curl -I https://example.com)
• Username Enumeration Brute Force
• Potentially Unsafe HTTP Method Enabled OPTIONS
• Potentially Unsafe HTTP Method Enabled TRACE
• Lack of Security Headers X-Frame-Options
• Lack of Security Headers Cache-Control for a Non-Sensitive Page
• Lack of Security Headers X-XSS-Protection
• Lack of Security Headers Strict-Transport-Security
• Lack of Security Headers X-Content-Type-Options
• Lack of Security Headers Content-Security-Policy

CRLF Attack

• Introduction to CRLF Injection
• What is HTTP Response Splitting Vulnerability via CRLF Injection

CSRF ATTACK

• Introduction to Cross Site Request Forgery (CSRF) Injection
• What is the impact of CSRF
• Cross Site Request Forgery (CSRF) on logout or Profile Page
• Delete account – no password protected
• Add to cart
• Password change
• Disable 2fa
• Add to wishlist
• Remove from Wishlist
• Mitigation

Authentication vulnerabilities

• Authentication scenarios
• User enumeration
• Guessing passwords – Brute force & Dictionary attacks
• Default users/passwords
• Weak password policy
• Direct page requests
• Parameter modification
• Password flaws
• Locking out users
• Lack of SSL at login pages
• Bypassing weak CAPTCHA mechanisms
• Login without SSL

Authorization vulnerabilities

• Role-based access control (RBAC)
• Authorization bypassing
• Forceful browsing
• Client-side validation attacks
• Insecure direct object reference

Improper Input Validation & Injection vulnerabilities

• Input validation techniques
• Blacklist VS. Whitelist input validation bypassing
• Encoding attacks
• Directory traversal
• Command injection
• Code injection
• Log injection
• XML injection – XPath Injection | Malicious files | XML Entity
• Common implementation mistakes – authentication
• Bypassing using SQL Injection
• Cross Site Scripting (XSS)
• Reflected VS. Stored XSS
• Special chars – ‘ & < >, empty

SQL injection

• Introduction to SQL injection
• Types of SQL injection
• Impact of SQL injection
• SQL injection testing
• SQL injection using Cyberfox
• Encoding and Decoding scripts using SQL injection

Insecure file handling

• Path traversal
• Canonicalization
• Uploaded files backdoors
• Insecure file extension handling
• Directory listing
• File size
• File type
• Malware upload

Session & browser manipulation attacks

•  Session management techniques
• Cookie based session management
• Cookie properties
• Cookies – secrets in cookies, tampering
• Exposed session variables
• Missing Attributes – httpOnly, secure
• Session validity after logoff
• Long session timeout
• Session keep alive – enable/disable
• Session id rotation
• Session Fixation
• Cross Site Request Forgery (CSRF)
• URL Encoding
• Open redirect

2FA

• What is Authentication and Its Types
• Introduction to Two-Factor Authentication (2FA)
• Introduction to Multi-Factor Authentication (MFA)
• Second Factor Authentication (2FA) Bypass via OAuth 2.0 authentication vulnerabilities
• Weak 2FA Implementation,2FA Secret Cannot be Rotated
• Weak 2FA Implementation,2FA Secret Remains Obtainable After 2FA is Enabled
• Lack of Password Confirmation while Manage 2FA
• Failure to Invalidate Session On 2FA Activation/Change
• Bypass 2FA with server Request-Response Method change
• Bypass 2FA with proxy server code Change
• Mitigation for 2FA Attack

Missing Authentication Vulnerabilities & its Exploits

• What is Redirection and Why it is use in Website
• Impact of Redirection if it is not Handle Properly
• URL Redirection through manually and its Reporting
• URL Redirection through Burp suite and its Reporting
• URL Redirection through Referrer and its Reporting
• URL Redirection through Search Engine via Xframe and its Reporting
• URL Redirection reporting on Open Bug Bounty
• Mitigation for Redirection

Introduction to SSRF (Server-Side Request Forgery)

• External SSRF (ngrok)
• SSRF through Burp Suite Collaborator Client
• SSRF through Internal URL of Domain
• SSRF through Internal profile page Domain
• SSRF through Internal chat engine
• SSRF through comment box
• Mitigation for SSRF Attack

Referrer Vulnerabilities

• Token Leakage via Referrer Untrusted 3rd Party
• Token Leakage via Referrer Trusted 3rd Party
• Token Leakage via Referrer Over HTTP
• Http Only Flag (leads to document. Cookie)
• Missing Encryption of Sensitive Date

Sensitive Data Exposure

• EXIF Geolocation Data Not Stripped From Uploaded Images Manual User Enumeration
• Visible Detailed Error/Debug Page Detailed Server Configuration
• Sensitive Token in URL User Facing
• Weak Password Reset Implementation : Password Reset Token Sent Over HTTP
• Pre cookie and post cookie same

Information Disclosure

• Information Disclosure through Text.
• Information Disclosure through JSON
• Information Disclosure through PHP Information
• Information Disclosure through XML
• Information Disclosure through Script
• Cross Domain Referer Leakage
• Cross Domain Script Include
• Email ID or Mobile Number Disclosed
• Credit Card Numbers Disclosed
• Username Enumerations Exploits
• Cross-Domain JavaScript Source File Inclusion

Broken authentication

• Cleartext Transmission of Session Token
• Weak Login Function Other Plaintext Protocol with no Secure Alternative
• Weak Login Function HTTP and HTTPS Available
• Failure to Invalidate Session On Logout (Client and Server-Side)
• Failure to Invalidate Session On Password Reset and/or Change
• Weak Registration Implementation Over HTTP

Clickjacking attack

• What is clickjacking attack
• Clickjacking Form Input
• Clickjacking Non-Sensitive and sensitive Action
• Sensitive based click action-p4 (delete account, enable/disable 2fa,remove phone number,credit card/debit number)