About this course
Introduction:
A website is nothing but
just an application that is installed on a device or computer. A website has
two main applications that are a web server (for example, Apache), and a database
(for example, MySQL). The web
server is used to understand and executes the web application. A
web application can be written in Java, Python, PHP, or any other programming
language. The only restriction is that the web server needs to be able to
understand and execute the web application. The database contains the data that is used by the web
application. All of this is stored on a computer called the server. The server
is connected to the internet and has an IP address, and anybody can access or
ping it.we
know that a website is installed on a computer, we can try to attack and hack
it just like any other computer. However, we know that a website is installed
on a computer, we can try to attack and hack it just like any other computer.
We can also use server-side attacks to see which operating system, web server
or other applications are installed. If we find any vulnerabilities, we can use
any of them to gain access to the computer. Another way to attack is
client-side attacks. Because websites are managed and maintained by humans.
This means that, if we manage to hack any of the administrators of the site, we
will probably be able to get their username and password, and from there log in
to their admin panel or to the Secure
Socket Shell (SSH). Then we will be able to access any of the servers
that they use to manage the website.
Objectives:
- · The learner will be able to understand network attacks and their types, i.e., active and passive attacks.
- · The learner will be able to understand endpoint attacks, malware attacks, vulnerabilities, and exploits.
- · This web hacking training course provides a beginner-level step into the world of ethical hacking and penetration testing
- · explain the basic principles and techniques of how attackers can enter computer systems.
- · It enables the cybersecurity workforce to learn, hack, test, and secure web
Course Outlines:
- · Introduction
- · Attacking a Website
- · Information Gathering
- · Who is Lookup
- · Net craft
- · Robtex
- · Discovering Subdomain
- · Analyzing Discovering Files
- · File Upload Vulnerabilities
- · Exploiting File Upload Vulnerabilities without Remote Code Execution
- · Exploiting a Code Execution Vulnerability
- · Discovering & Exploiting Local File Inclusion Vulnerabilities
- · Remote File Inclusion (RFI)
- · SQL
- · Risks Associated with SQL Injection
- · Discovering SQL Injections in POST
- · SQL Injection Login Bypass
- · The SQL SELECT Statement
- · Types of Database Attacks Hackers Use to Obtain Unauthorized Access
- · Reading and Writing Files in SQL Server using T-SQL
- · Discovering SQL Injections & Extracting Data Using SQL Map
- · How to Defend Against SQL Injection Attacks
- · Introduction to Cross Site Scripting
- · Reflected Cross Site Scripting (XSS) Attacks
- · Stored Cross Site Scripting
- · How to Setup OWASP ZAP to Scan your Web Application for Security Vulnerabilities
Who should attend?
- · Anybody with basic knowledge of computer science and interested in understanding Cyber Security and learning hacking techniques
- · Cyber Hackers
- · Security Officers/Auditors
- · Security Professionals
- · Site Administrators
- · anyone who is concerned about the integrity of their network infrastructure
Learning Outcomes:
- · The learner will be able to understand network attacks and their types, i.e., active and passive attacks.
- · The learner will be able to understand endpoint attacks, malware attacks, vulnerabilities, and exploits.
- · This web hacking training course provides a beginner-level step into the world of ethical hacking and penetration testing
- · explain the basic principles and techniques of how attackers can enter computer systems.
- · It enables the cybersecurity workforce to learn, hack, test, and secure web
End of Course
After completion of the course students must undertake the exam. Once the exam is passed, it is considered as end of the course.
.png)
