Web Hacking and Secure Coding

Day 1

● Intro to Web Technologies
● HTML
● HTTP
● Web Servers technologies
● Development Technologies
● Fingerprinting web servers – 3rd party
● Fingerprinting web servers – Direct
● Identifying web applications
● Web Servers misconfigurations
● Web Servers weaknesses

Day 2

● Authentication / HTTP, Forms, App
● GET/POST in forms
● Session Management
● Brute Forcing l/p
● Session Hijacking
● Brute forcing authorization tokens
● Securing session management
● JavaScript programming

Day 3

● Cross Site Scripting attacks
● CSS Solutions
● Session management vulnerabilities
● Timing solutions to session Management issues
● Password Recovery issues
● Cross Site Request Forgery attack
● Defending against CSRF
● Command injection attacks
● Protecting against Command Injections

Day 4

● Intro to Cryptography
● Symmetric Algorithms
● Asymmetric Algorithms
● Signature Algorithms
● SSL
● Using Cryptography securely
● Man in the middle attacks
● Databases
● SQL programming
● Basic SQL Injection attacks

Day 5

● SQL Injection using Union
● Blind SQL Injection
● Avoiding SQL Injections
● Data flow errors
● HTTP Error Handling weaknesses
● Application Error Handling weaknesses
● Secure Error management
● Forceful browsing
● Parameter Guessing
● Predicting files and directory names