30-Day Web Penetration Testing Crash Course

During the first day, we will provide an overview of web penetration testing. You will have a chance to gain a deeper understanding of the most common vulnerabilities. You will also discover bugs and attacks. Moreover, we will delve into the importance of scope in cybersecurity.  

Day 2 of our course will focus on Burp Suite and its various functionalities, including proxy settings, request interception, and response analysis. We will explore how to set up and use Burp Suite to capture, modify, and analyze web traffic, allowing you to identify and exploit vulnerabilities in web applications.  

By the end of this lesson, you will have a solid understanding of how to use Burp Suite’s features such as Repeater, Intruder, and Decoder to perform web penetration testing effectively. 

This time, participants will have a chance to gain a deeper understanding of the HTTP protocol, its versions, and how it is used for communication between clients and servers. We will also explore the structure of HTTP requests and responses. Day 3 agenda will cover different HTTP methods, status codes, and the importance of HTTPS for secure communication. This foundational knowledge is crucial for identifying and exploiting web application vulnerabilities. 

Building on the knowledge from the previous day, Day 4 will provide an in-depth look on the role of HTTP headers in web communication. It will include analyzing and manipulating headers. Participants will learn about the most common security headers, including HSTS (HTTP Strict Transport Security), XFO (X-Frame-Options), XCTO (X-Content-Type-Options), and CSP (Content-Security-Policy). 

Today, we will learn about the fundamental aspects of web application architecture and how to identify potential vulnerabilities. We will explore the journey of a web request from the moment a user types a website address in their browser to the point where the server processes and responds to that request. Our focus will include understanding IP and DNS protocols, examining different parts of web architecture, and distinguishing between client-side and server-side technologies. Additionally, we will cover essential security concepts, such as WAF bypassing and using tools like Testssl.sh to assess encryption vulnerabilities. 

During Day 6, we will learn about Basic XSS (Cross-Site Scripting) attacks. It will include identifying and exploiting reflected XSS vulnerabilities. Later on, you will discover how an xss vulnerability can be used by an attacker. We will also cover insecure headers and the importance of proper sanitization.

During Day 7 of this course, we will focus on stored XSS and DOM-based XSS vulnerabilities. Differences between stored and DOM-based XSS will be explained. You will also find out how to detect and exploit stored XSS and DOM based XSS vulnerabilities. Learners will be able to master new techniques through real-world examples and practical exercises.

The main focus of Day 8 will be the Same Origin Policy, a security mechanism built in browsers that restricts scripts loaded by one origin from accessing the data of another origin and Cross-Origin Resource Sharing which is a mechanism that enhances the Same Origin Policy. We will provide a comprehensive overview of CORS policies, including Basic Concept of CORS, basic CORS and API Null Origin CORS. At the end, we will also dive deep into the topic of exploiting misconfigured CORS. To illustrate this topic in an easy-to-follow way, we will include real-life examples.

On Day 9, we will begin with an analysis of what a web session is. Later on, we will provide an overview of session management mechanisms.  We will also review typical vulnerabilities related to session management. During this module, get ready to deepen your knowledge of basic reconnaissance, session fixation attacks and insecure local storage.

What are the proven techniques for discovering hidden content and functionalities? You will find them our during Day 10 of our course. To provide you with a better understanding of this topic, we will focus on hostname resolution, discovering assets, and discovering subdomains. This module will also cover tools and methods for content enumeration.

Authorization and authentication are sometimes used interchangeably; however, they are two different processes and have different purposes. Both are very important for security. On Day 11, we will focus on exploring the mechanisms of authentication and authorization in depth. We will also uncover common vulnerabilities and exploitation techniques related to them.

On Day 12 of our course, we will focus on Insecure Direct Object Reference (IDOR) and Business Logic Attacks. These vulnerabilities can lead to severe security breaches, including unauthorized access to user or application data. We will also identify IDOR vulnerabilities. Later on, participants will understand in what ways these vulnerabilities can expose sensitive information and allow attackers to manipulate application logic to their advantage. Moreover, this lesson will cover Parameter Tampering and Negative Value techniques.

On Day 13, we will dive deep into the topic of Header Injection. In this module, we will also explore CRLF (Carriage Return Line Feed) Injection. Participants will also learn more about response splitting. Moreover, we will focus on exploiting CRLF for web attacks.

This module serves as an introduction to SQL and database concepts. On Day 14, we will focus on SQL injection attacks. It is one of the most popular types of injection attacks and can have very serious consequences, especially if the attacker dumps all data, including password hashes, personal data, or client lists. Thus, testing web applications for SQL injection vulnerabilities is a very important part of each web application penetration test. We will go through the topics of Basic SQLi, SQL Login Bypass, and SQLi with Data.

we’ll focus on the automation of SQL injection attacks. We will also cover advanced SQLi exploitation. After completing this module, you will deepen your understanding of Login Bypass (Manual Tampering) and Automated SQLi, SQLi with sqlmap, and RCE Steps.

Although using a template engine allows us to dynamically create webpages relatively easily, it is worth noting that there are some vulnerabilities related to template engines. Today, we will focus on template injection vulnerabilities. Throughout this module, you will discover effective ways of identifying them. Later on, we will also cover exploitation techniques and tools.

In the previous days, we have successfully injected JavaScript code and performed attacks such as SQL injection and template injection. On Day 17, we will focus on two other injections that should be known to each web application penetration tester: OS command injection and CSS injection. We will provide an overview of both attacks and include techniques for detecting and exploiting injections

On day 18, we will talk about insecure deserialization. This vulnerability can have various serious consequences, including data leakage, unauthorized file deletion, and remote command execution on the web server. During this lesson, we will discuss data type manipulation (type juggling), insecure functions RCE (Remote Command Execution), poorly written code, and insecure file operations. 
Participants will also learn more about performing a PHP deserialization attack on a web application.

On Day 19, we will demonstrate two vulnerabilities that can result in an attacker being able to read files from server or even execute malicious code on it that can lead to taking a full control over the server. These two vulnerabilities are LFI (Local File Inclusion) and RFI (Remote File Inclusion). During this module, you will discover how to identify and exploit them. We will cover Local File Inclusion, Filter bypassing – $IFS, Log File Inclusion, and Remote File Inclusion.

During today’s lesson, we will cover Path Traversal attack, which is also known as Directory Traversal. This attack has been known for many years and yet some web applications are still vulnerable to it. Firstly, we will show you how to identify and exploit Path Traversal vulnerability. Secondly, we will focus on Path Traversal attacks against JSON web tokens.

On Day 21 of our course, we will focus on vulnerabilities related to file upload functionality. During this module, we will identify insecure file upload mechanisms. Moreover, we will be exploiting them. Get ready to learn more about Insecure File Upload, Bypassing File Extension Filtering, Bypassing File Content Filtering, and Vulnerable ExifTool.

During today’s lesson, you will gain a deeper understanding of Content Security Policy (CSP). You will discover how Content Security Policy can prevent XSS attacks. Moreover, we will focus on how to attack hardened CSP and how to detect CSP leaks. We will also cover techniques for bypassing and exploiting CSP.

Today’s lesson will cover Server–Side Request Forgery (SSRF) vulnerability. SSRF vulnerability can have serious consequences as it may lead to sensitive information disclosure, unauthorized actions, and even Remote Code Execution. We will guide you on detecting SSRF vulnerabilities and exploiting them. Additionally, you will learn techniques to bypass SSRF filters.

In this lesson, we’ll explore various forms of open redirection, including classic methods, Meta Refresh, and DOM-based techniques. We’ll also delve into how these vulnerabilities can be exploited for more severe attacks like Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), and Server-Side Request Forgery (SSRF). Additionally, we’ll discuss the risks of internal secret key leakage and file upload-based redirections, providing a comprehensive understanding of the threats and mitigation strategies. We will also cover techniques for leveraging application behavior.

During Day 25, we will cover several crucial topics to enhance our understanding and skills in attacking REST APIs. At first, we will focus on basic reconnaissance methods, essential for identifying vulnerabilities and misconfigurations in API endpoints. Later on, we will examine the most common flaws found in REST APIs, enabling us to recognize and exploit these weaknesses effectively.

On Day 26 of our course, we will dive into the critical topic of XXE vulnerabilities, which stands for XML External Entities. This vulnerability is related to XML (Extensible Markup Language). We will learn how to detect and exploit these vulnerabilities, which can compromise data security and system integrity.  By the end of this module, you will gain a solid understanding of how to identify XXE flaws and protect web applications against these threats.

During this module, we will focus on JSON Web Tokens. JWTs are used for both authorization and information exchange.  Such tokens are widely used across many websites, so it is worth identifying and understanding the vulnerabilities related to them. On Day 27 of our course, you will learn how to perform reconnaissance, attack JWTs, recover the public key, and crack HSA256 keys.

During Day 28, you will learn how to effectively report vulnerabilities discovered during penetration testing. This includes understanding the structure of a comprehensive vulnerability report, assessing vulnerability severity levels, and using the Common Vulnerability Scoring System (CVSS) to quantify the impact of discovered vulnerabilities. Participants will discover best practices for writing and submitting vulnerability reports

The knowledge you gained during this course provides insight into web application security and penetration testing methods for web applications. However, you should constantly improve your skills to deal with new vulnerabilities and exploitation techniques that do not yet exist but will be discovered in the future. During this lesson, we will cover resources and techniques for continuous learning and skill enhancement, including: 1. What is important in becoming a good penetration tester, 2. Why you should keep learning and which sources you should pay attention to, 3. How to practice and test your skills, 4. Your Toolbox, 5. How to develop your career as a penetration tester.

In this module, we will review key concepts and techniques included in this course. Get ready for real-world case study and a discussion concerning web penetration testing.