WAST WORKSHOP

[WEB APPLICATION SECURITY TESTING]

Explore, Analyse & Evaluate Web Security Flaws

Program Reference Guide

Dedicated Laptop WASD
7 Days Hands-On
Lab Required Curriculum

www.hack2secure.com | [email protected]
Hack2Secure Web Application Security Testing Workshop: Reference Guide 1

Table of Content

About Web Application Security Testing Workshop Page 2

Curriculum Page 3
About WASD Exam Page 5
Frequently Asked Questions (FAQ) Page 6
About Hack2Secure Page 7

www.hack2secure.com | [email protected]
 Hack2Secure Web Application Security Testing Workshop: Reference Guide 2

WORKSHOP: WEB APPLICATION SECURITY TESTING

7 DAYS | HANDS-ON | LAPTOP REQUIRED| 42 CPEs| WASD CURRICULUM

Hack2Secures Workshop on Web Application Security Testing provides hands-on exposure using both
Real-Time scenarios and Simulated Lab environment to required Tools and Techniques on different Web
Security Risk and Attack vectors.
Scoped around OWASP Web Application Security Testing Guide, these intensive practical sessions
provides deep-dive on required practical tips and tricks to evaluate, test and assess Security of Web
Application.

Key Take Away

Active and Passive Reconnaissance methods SQL Injection
Google Hacking and Deep-Web Local and Remote File Inclusion
SSL/TLS Handshake and Testing methods Vulnerabilities
Scanning, Fingerprinting and Spidering Cross Site Scripting
Authentication, Authorization and Format String Vulnerabilities
Accountability Web Application Filters & Firewalls
Session Management & related Attacks W3af, Nikto, Metasploit Framework
Cross Site Request Forgery BeEF, XSSer, SQLmap, Nmap, Recon-ng
Python and Java Script for Security Testers Burp Suite and Zed Attack Proxy (ZAP)

Who Should Attend?

Security Team Software Development Team

Security Engineers and Testers Application/Software Developers

Application/Software Penetration Testers Quality Assurance Team

Application/Software Security Analyst Application/Software Architects

Security Consultants Software Consultants

Auditors, Product Security Office Research Engineers

Security Mangers Team Leads, Technical Mangers

Student Student

Students [Management & Technical Stream] Anyone

Looking to pursue Career in Web Application Who wants to evaluate his skills in Web Application
Security Assessment/Testing Security Assessment/Testing

For more details, visit www.hack2secure.com/wastws

www.hack2secure.com | [email protected]
 Hack2Secure Web Application Security Testing Workshop: Reference Guide 3

WORKSHOP CURRICULUM
Module#1: Building the Base Scoped LAB
[Concepts, Processes & Methodologies] WHOIS analysis
Understanding the Web DNS Scan with Nslookup, DNSRecon, NMAP DNS
Importance of Web Application Security related NSE Scripts
Web 2.0 & Related Concerns Metasploit for DNS Scan
Web Application Security Testing (WAST): Google Filters & Hacking Database
Current Approach Setting-up Lab for Deep-Web exploration
Web Application Penetration Testing (WAPT): SHODAN to explore Devices on Network
Approach TheHarvester & Recon-Ng for Information
Introducing Web Proxies: Burp Suite & ZAP Gathering
HTTP Protocol HTtrack for Website Mirroring
o History, Versions
o Request Methods, Status Codes Module#3: Looking for Entry Point
Web Sockets: Introduction [Scanning, Fingerprinting & Spidering]
HTTPS Protocol Scanning: Identifying Services & Configurations
o Introduction Fingerprinting Web Server
o SSL/TLS handshake, Testing Methods Software Configuration level flaws
o Vulnerability Case Study: HeartBleed Vulnerability Case Study: ShellShock
OWASP Web Application Security Testing Guide: Spidering/Crawling
Walkthrough Fuzzing:
OWASP Top10 Web Application Security Risk: o About, What to Look for
Walkthrough Directory Browsing
Scoped LAB Scoped LAB
Walkthrough BurpSuite & ZAP interfaces Exploring NMAP for different Scan Options
Using BurpSuite to analyse HTTP Request & Testing HTTP methods with Netcat
Response Server Scan with Nikto
SSL Handshake Analysis with Wireshark Testing Shekkshock Vulnerability
SSL/TLS Security Testing using OpenSSL, SSLScan Burp Suite (Spidering), Wappalyzer, CeWL
and NMAP SSL related Scripts Fuzzing with FuzzDB & Burp Suite (Intruder) to
Testing HeartBleed Vulnerability explore Files & Locations
Using Dirbuster & ZAP to explore hidden
Module#2: Casual Leakage Points Directories
[Reconnaissance] Google to Search hidden Public directories
Why Information Gathering
DNS Protocol: Module#4: Analysing A.A.A. Concerns
o Overview, Working, Zone Transfers About Authentication, Different Schemes
Open Source Intelligence Username Harvesting
Exploring Google Search Side Channel & Timing Attacks
o Keywords & Filters Browser Cache Weakness
Google Hacking Database (GHDB) Cracking Weak Passwords
Exploring Deep-Web Single Sign-On
Information Leakage from Public Sources About Authorization
Website Mirroring Insecure Direct Object References

For more details, visit www.hack2secure.com/wastws

www.hack2secure.com | [email protected]
Hack2Secure Web Application Security Testing Workshop: Reference Guide 4

Directory Traversal Attacks Using BBQSQL & SQLMAP for exploiting SQLi
About Accountability flaw
Error Code Analysis Using Havij for SQLi
Security best Practices for A.A.A.
Scoped LAB Module#8: Cross Site Scripting (XSS)
Using ZAP to explore different Authentication Document Object Model (DOM)
Schemes and Username harvesting XSS
Brute Forcing Weak Passwords o Overview, How it Works, Types
Exploiting Insure Direct Object References o Testing Methods, Attack Scope
Exploiting Directory Traversal Vulnerability Same Origin Policy
HTML Injection
Module#5: Session Management XSS with POST
Stateless Nature of HTTP AJAX
Introducing Sessions & Tracking Methods o Overview, XMLHttpRequest, Mash-Ups
Session Tokens or SessionID o Libraries/Frameworks & related Flaws
o Analysis & Exploring Randomness o Exploring Attack Surfaces
Session Fixation & Hijacking JSON
Session Tampering, Splitting & Smuggling o Overview, Attacks
Securing Cookies: Flags & Attributes o XSS on AJAX JSON Objects
Cross Site Request Forgery Scoped LAB
Scoped LAB XSSer, XSSsniper, XSScrapy, BeEF to explore XSS
Using Burp Suite (Sequencer) to analyse Session Vulnerability
Randomness Using Burp Suite (Intruder) to Fuzz with XSS
Exploring Session Tampering, Fixation & Inputs
Hijacking Attacks Exploring HTML Injection
Exploring Session Splitting & Smuggling Attacks Exploring XSS in AJAX & JSON Objects
Use Case of Secure Cookie Flags & Attributes
XSRF Attack demonstration Module#9: Buffer Overflow Attacks
Heap & Stack Overflow
Module#6: Python & Java Script for Pen- Format String Vulnerabilities [LAB]
Testers
Python & Java Script: Primer Module#10: Scanners & Frameworks
Crafting HTTP Request & Attack scenarios with W3af [LAB]
Python & Java Script [LAB] Metasploit Framework [LAB]

Module#7: Injection Attacks Module#11: Web Application Filters and

Command Injection: About, Root Cause Firewall (WAF)
[Local/Remote] File Inclusion Vulnerability Web Application Defences: Filtering & Firewall
SQL Query: Primer Filtering
SQL Injection (SQLi) o .NET & ESAPI Filtering Options
o About, Root Cause, Analysis Web Firewall
o Type of Injection attacks o Types, Detection & Attack methods
Scoping Attacks with SQLi Scoped LAB
Scoped LAB Exploring filtering & WAF more in detail
Explore Command Injection Vulnerability Exploring ModSecurity Attack Detection
Explore LFI/RFI Vulnerability mechanism
Explore different SQLi Detection methods, Using BurpSuite Intruder & FuzzDB list to
Attacks & Use Cases fingerprint ModSecurity
Using BBQSQL & SQLMAP for exploiting SQLi
For more details, visit www.hack2secure.com/wastws
flaw
www.hack2secure.com | [email protected]
 Hack2Secure Web Application Security Testing Workshop: Reference Guide 5

About WASD Exam

Globally Available | Proctored | 180 mins | 90 MCQ | Passing Grade: 60% | Exam Language: English

Web Application Security Defender (WASD) Certificate program evaluates individual's implementation level
skills required for Web Application Security Assessment. This program ensures candidate's awareness on
Application Security Challenges, Risk, Tools, Techniques and methodologies along with hands-on practical level
knowledge and skill-sets.

WASD is based on Application Security Industry Standards and Best Practices and ensures Knowledge and
Understanding of Secure Web Application Assessment requirements. It walks through different
phases/domains of Application Security Testing and provide required practical strategies and methodologies
to evaluate Security at every level.

Evaluate your Skills in Web Application Security Assessment

Phases of Web Application Security Assessment Benefits

Defining Objectives Validates your practical expertise and
Information Gathering knowledge in Web Application Security
Conduct Assessment Assessment
o Configuration & Deployment Management Get Global Recognition and Credibility
o Identity Management Ensures Real Time skills required to
o Authentication and Authorization handle Web Application Security Risk
o Session Management Demonstrate knowledge of Industry
o Input Validation Standards and Best Practices
o Error Handling Ensures effective skills to measure and
o Testing Cryptography implement Security Controls
o Business Logic Testing
o Client Side Testing
Reporting
To Schedule WASD Exam,
www.pearsonvue.com/hack2secure
For more details, visit www.hack2secure.com/wasd
www.hack2secure.com | [email protected]
Hack2Secure Web Application Security Testing Workshop: Reference Guide 6

FREQUENTLY ASKED QUESTIONS (F.A.Q.)

What to Expect?
7 Days of intensive, deep-dive, hands-on Slide-deck & Lab-guide
practice sessions Training & CPE Certificate from Hack2Secure
Dedicated Lab Setup for each Student

What NOT to Expect?

WASD exam attempt Voucher (Unless specifically provided by H2S or Partner)
Deep-dive to Information Security Basic concepts, apart from scoped curriculum
Providing deep-dive on any Web Programming Language or Technology
Any distribution of License or Key of Commercial Security Tools
Job Opportunity (But, it will be easy to find with this curriculum and skill-set)
Travel, Accommodation
Breakfast, Lunch, Dinner (Unless specifically provided by H2S or Partner)

What Other Exams, apart from WASD I can appear after attending this program?
This workshop is scoped around OWASP Web Application Security Testing guide, which is the primary base
for most of (Vendor Independent) Web Application Security Certification programs like GIACs Web
Application Pentester (GWAPT) etc. From GWAPT prospect, this Web Application Security Testing program
is designed to cover almost all sections and topics as per exam curriculum.

What is the Scope of this Program? Which Web Security Tools I can expect to learn as a
part of curriculum?
As mentioned earlier, this workshop is scoped around OWASP Web Application Security Testing Guide. It
also covers OWASP Top10 Web Application Security Risk from analysis, Testing and defense best practices
prospect.
This program primarily utilizes tools like Burp Suite, Zed Attack Proxy (ZAP), Nmap, Metasploit Framework
(from Web Security prospect), FuzzDb, Nikto, W3af, SQLMAP, XSSer, BeEF etc along with number of other
Web Security Assessment Scripts & Tools.

How this program can assist in my Professional Growth?

Today, Information Security Market is witnessing surge in demand for skilled Security Professionals. As per
Techcrunch, companies have not started giving preference to professionals, who possess Information
Security skills along with domain knowledge in order to combat cyber security job crunch. Professionals
possessing Technical Certification is Security domain tends to get much higher preference and are growing
faster in the industry.
Will I have brighter Job Prospect, after attending this program?
In 2016-17, Domain Web Application Security alone created approx. 12,500 IT Security Job postings in India
(Source: Naukri.com & Linkedin Jobs). Companies around the world use certifications to ensure job
candidates possess in-depth Technical skills. Due to in-depth practical orientation, WASD ensures hiring
employer that candidates is equipped with required security skills and know-how to get the job done.

For more details, visit www.hack2secure.com/wastws

www.hack2secure.com | [email protected]
Hack2Secure Web Application Security Testing Workshop: Reference Guide 7

About Hack2Secure
Hack2Secure
Inspire, Induce, Innovate
The IT Industry has evolved from a standalone desktop and independent applications to a Complex Cloud
environment. Today technology have become so advanced to reduce costs in terms of hardware, software,
development and maintenance, however this has created an increased risk to SECURITY.

Hack2Secure excels in Information Security Domain and offers customised IT Security programs, including
Training, Services and Solutions. Our programs are designed by industry experts and tailored as per specific
needs. We strive to serve with quality, efficiency, and timely delivery through our team of experienced and
certified professionals in Information Security. We help students, professionals and companies with
knowledge, tools and guidance required to be at forefront of a vital and rapidly changing IT industry.

End-to-End Security Services

Hack2Secure offers IT Security Professional Services to provide ways to stay ahead of Security Threats
through adaptive and proactive Security methods like
Secure Software Development Lifecycle
Secure Application Design & Threat Modeling
Application Security Testing
Application/Network/Infrastructure Risk Assessment
Consulting

Security Training
Vendor Independent, Customizable, Across Domains, Multiple Levels
Hack2Secure excels in delivering intensive, immersion security training sessions designed to master
practical steps necessary for defending systems against the dangerous security threats. Our wide range of
fully customizable training courses allow individual to master different aspects of Information Security as
per their industry requirement and convenience.

Delivered Training to more than 15k+ Professionals Globally

Customizable Security Training Programs, aligned with Business Requirements

Security Certification
Globally delivered and Proctored Security Certification programs with PearsonVUE
Vendor Independent Programs based on Industry Security Standards and Practices

For more details, visit www.hack2secure.com/about-us

www.hack2secure.com | [email protected]
www.hack2secure.com HACK2SECURE

[email protected] @hack2secure

+91 (80) 49 58 32 99 Hack2Secure.India

+91 (80) 49 58 33 99

Hack2Secure, #681, First Floor, 15th Cross, 8th Main, 2nd Phase,
J.P. Nagar, Bangalore, Karnataka, 560078

Information Security Training, Services &

Solutions to keep you at forefront of the IT Industry