
Cybersecurity

 

This Cyber Security course provides a comprehensive understanding of ethical hacking and security vulnerabilities, covering the OWASP Top 10 risks and various attack techniques. Participants will gain hands-on experience with essential security tools and methodologies.

Key Learning Modules:

  1. Introduction to Ethical Hacking

    • Fundamentals of hacking, vulnerabilities, risks, and threats
    • Client-server model and web security
    • Overview of Google Dorks, protocols, and proxy usage
  2. OWASP Top 10 Security Risks

    • Injection Attacks: SQL, Command, LDAP, HTML, CSV injections
    • Broken Authentication: Password security, session hijacking, OTP bypass
    • Sensitive Data Exposure: SSL/TLS weaknesses, data transmission risks
    • XML External Entities (XXE): XML attacks, internal vs. external DTD
    • Broken Access Control: IDOR, directory traversal, privilege escalation
    • Security Misconfiguration: Server misconfigurations, clickjacking, internal path disclosure
    • Cross-Site Scripting (XSS): Reflected, stored, and DOM-based XSS
    • Insecure Deserialization: Serialization vulnerabilities in PHP and Java
    • Using Vulnerable Components: Risks in jQuery, Bootstrap, AngularJS
    • Cross-Site Request Forgery (CSRF) & Other Attacks: SSRF, buffer overflow, host header injection
  3. Denial of Service (DoS/DDoS) Attacks

    • Techniques and tools for scanning and attack prevention
    • Network and vulnerability scanning
  4. Security Tools & Hands-on Training

    • Practical use of security tools like Burp Suite, SQLMap, Nmap, Nessus, Acunetix, and more
    • Web and mobile security testing tools

 

 


Course Description

Module 1: Introduction

Introduction to Ethical Hacking

    • What is Hacking?
    • What is Ethical Hacking?
    • What is the Dark Web?
    • What is a Vulnerability?
    • What is a Risk, Threat, Exploit?
    • Client-server model
    • Static vs dynamic webpages
    • Web server vs application server
    • Types of security
    • Google Dorks
    • Protocols
    • Port numbers
    • HTTP response status codes

Proxy

    • What is a proxy?
    • Types of proxies

OWASP

    • What is the OWASP Top 10?
    • OWASP 2013 vs 2017

Module 2: OWASP Top 1

Injection

    • Types of SQL injection
    • What is a Command injection?
    • What is LDAP injection?
    • What is HTML injection?
    • What is CSV injection?
    • What is a SQL injection?

Module 3: OWASP Top 2

Broken Authentication and Session Management

    • What is authentication?
    • Password policy
    • 2FA and OTP bypass
    • Concurrent login
    • Back and refresh attack
    • Autocomplete enabled
    • Blank/partial password accepted
    • Insecure password reset mechanism
    • Bypass OTP
    • Brute force OTP
    • OTP policy
    • Unencrypted password sent to server
    • Session hijacking
    • Session fixation
    • Session timeout
    • Session ID in URL
    • Session ID not invalidated after logout
    • Session cookie attributes

Module 4: OWASP Top 3

Sensitive Data Exposure

    • What is SSL/TLS, and which versions are weak?
    • HTTPS not implemented
    • Weak key lengths
    • Sensitive data transmitted in URL
    • Sensitive data (PII, card, account) in clear text

Module 5: OWASP Top 4

XML External Entities (XXE)

    • What is XML?
    • What is a DTD?
    • Internal DTD vs external DTD
    • How to find XXE attacks

Module 6: OWASP Top 5

Broken Access Control

    • What is Authorization?
    • What is IDOR?
    • Directory traversal attack
    • Access to sensitive data by direct URL
    • Directory listing
    • LFI
    • RFI
    • What is Privilege Escalation?
    • Horizontal vs vertical
    • Parameter manipulation

Module 7: OWASP Top 6

Security Misconfiguration

    • HTTP methods
    • Server banner
    • Error page reveals sensitive information
    • Email ID exposure
    • Special characters accepted as input
    • Default credentials in use
    • Internal path disclosure
    • Clickjacking
    • Sensitive data exposure in browser cache
    • Missing useful headers

Module 8: OWASP Top 7

Cross-Site Scripting (XSS)

    • What is XSS?
    • Reflected XSS
    • Stored XSS
    • DOM XSS

Module 9: OWASP Top 8

Insecure Deserialization

    • What is serialization?
    • What is deserialization?
    • PHP and Java serialization

Module 10: OWASP Top 9 & 10

Using Components with Known Vulnerabilities

    • jQuery version
    • Bootstrap version
    • AngularJS version, etc.

Module 11: OWASP Top 4

    • What is CSRF?
    • Bypass CSRF
    • Host header injection
    • Unvalidated redirection
    • What is SSRF?
    • Buffer overflow

Module 12: Others

Denial of Service

    • What is a DoS and DDoS attack?
    • DoS attack techniques
    • DoS attack tools

Scanning

    • What is network scanning?
    • Types of scanners
    • Vulnerability scanner tools

Web and Mobile Tools

    • Burp Suite
    • SQLMap
    • Nmap
    • Nessus scan
    • Acunetix scanner
    • Test SSL
    • Qualys scan
    • APK tool
    • Dex2jar
    • MobSF


Benefits

    • Comprehensive Curriculum: Covers all key concepts from basics to advanced topics.
    • Hands-on Learning: Apply concepts through real-time projects.
    • Expert Mentors: Learn from industry experts with practical experience.
    • 100% Placement Assistance: Resume building, interview preparation, and job placement support.

    Enroll now to master cybersecurity and ethical hacking, build your expertise, and pave your way to a successful career!

Who Should Attend

    • Graduates
    • Post Graduates
    • People with a career gap
    • Software Developers
    • Operations Professionals
    • Quality Assurance Engineers
    • System Administrators
    • IT Professionals
    • Associates