we believe in what we do.
Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Pen tests can be automated with software applications or they can be performed manually. Either
way, the process includes gathering information about the target before the test (reconnaissance),identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents.
Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are
attempting to break in.
Penetration Testing Stages:
- Scope/Goal Definition
- Information Gathering
- Vulnerability Detection
- Information Analysis and Planning
- Attack & Penetration/Privilege Escalation
- Result Analysis & Reporting
Syllabus for Penetration Testing Course
- Chapter 1 - Web Architectures
- Chapter 2 - Web Application Introduction
- Chapter 3 - PHP-Basics
- Chapter 4 - Sessions & Cookies
- Chapter 5 - XSS Attacks
- Chapter 6 - Advanced SQLI
- Chapter 7 - Cross Site Request Forgery
- Chapter 8 - Session Hijacking
- Chapter 9 - Web based DDOS Attacks
- Chapter 10 - PHP Injection
- Chapter 11 - Web Based Worms
- Chapter 12 - Flash based Web Attacks
- Chapter 13 - I-Frame based Web Attacks
- Chapter 14 - Clickjacking
- Chapter 15 - Attack frameworks: AttackAPI & BeEF
- Chapter 16 - Penetration testing on DVWA
- Chapter 17 - Honeytokens
- Chapter 18 - OWASP Top 10
- Chapter 19 - Metasploit and Web Application
- Chapter 20 - PHP Curl
- Chapter 21 - Automated Bots
- Chapter 22 - Phishing 2.0
- Chapter 23 - Brute forcing Web Applications
- Chapter 24 - Compliance Methodologies and Legalities