
WAST WORKSHOP

[WEB APPLICATION SECURITY TESTING]


Explore, Analyse & Evaluate Web Security Flaws

Program Reference Guide


7 Days Hands-On | Dedicated Lab | Laptop Required | WASD Curriculum

www.hack2secure.com | training@hack2secure.com
Hack2Secure Web Application Security Testing Workshop: Reference Guide 1

Table of Contents

About Web Application Security Testing Workshop ....... Page 2
Curriculum ....... Page 3
About WASD Exam ....... Page 5
Frequently Asked Questions (FAQ) ....... Page 6
About Hack2Secure ....... Page 7


WORKSHOP: WEB APPLICATION SECURITY TESTING


7 DAYS | HANDS-ON | LAPTOP REQUIRED | 42 CPEs | WASD CURRICULUM

Hack2Secure's Workshop on Web Application Security Testing provides hands-on exposure, using both real-time scenarios and a simulated Lab environment, to the tools and techniques required for different Web Security risks and attack vectors.
Scoped around the OWASP Web Application Security Testing Guide, these intensive practical sessions provide a deep-dive into the practical tips and tricks required to evaluate, test and assess the security of a Web Application.

Key Take Away

- Active and Passive Reconnaissance methods
- Google Hacking and Deep-Web
- SSL/TLS Handshake and Testing methods
- Scanning, Fingerprinting and Spidering
- Authentication, Authorization and Accountability
- Session Management & related Attacks
- Cross Site Request Forgery
- Python and Java Script for Security Testers
- SQL Injection
- Local and Remote File Inclusion Vulnerabilities
- Cross Site Scripting
- Format String Vulnerabilities
- Web Application Filters & Firewalls
- W3af, Nikto, Metasploit Framework
- BeEF, XSSer, SQLmap, Nmap, Recon-ng
- Burp Suite and Zed Attack Proxy (ZAP)

Who Should Attend?

Security Team
- Security Engineers and Testers
- Application/Software Penetration Testers
- Application/Software Security Analysts
- Security Consultants
- Auditors, Product Security Office
- Security Managers

Software Development Team
- Application/Software Developers
- Quality Assurance Team
- Application/Software Architects
- Software Consultants
- Research Engineers
- Team Leads, Technical Managers

Student
- Students [Management & Technical Stream] looking to pursue a Career in Web Application Security Assessment/Testing
- Anyone who wants to evaluate his skills in Web Application Security Assessment/Testing

For more details, visit www.hack2secure.com/wastws



WORKSHOP CURRICULUM

Module#1: Building the Base
[Concepts, Processes & Methodologies]
- Understanding the Web
- Importance of Web Application Security
- Web 2.0 & Related Concerns
- Web Application Security Testing (WAST): Current Approach
- Web Application Penetration Testing (WAPT): Approach
- Introducing Web Proxies: Burp Suite & ZAP
- HTTP Protocol
  o History, Versions
  o Request Methods, Status Codes
- Web Sockets: Introduction
- HTTPS Protocol
  o Introduction
  o SSL/TLS handshake, Testing Methods
  o Vulnerability Case Study: HeartBleed
- OWASP Web Application Security Testing Guide: Walkthrough
- OWASP Top10 Web Application Security Risk: Walkthrough
Scoped LAB
- Walkthrough BurpSuite & ZAP interfaces
- Using BurpSuite to analyse HTTP Request & Response
- SSL Handshake Analysis with Wireshark
- SSL/TLS Security Testing using OpenSSL, SSLScan and NMAP SSL related Scripts
- Testing HeartBleed Vulnerability

Module#2: Casual Leakage Points
[Reconnaissance]
- Why Information Gathering
- DNS Protocol:
  o Overview, Working, Zone Transfers
- Open Source Intelligence
- Exploring Google Search
  o Keywords & Filters
- Google Hacking Database (GHDB)
- Exploring Deep-Web
- Information Leakage from Public Sources
- Website Mirroring
Scoped LAB
- WHOIS analysis
- DNS Scan with Nslookup, DNSRecon, NMAP DNS related NSE Scripts
- Metasploit for DNS Scan
- Google Filters & Hacking Database
- Setting-up Lab for Deep-Web exploration
- SHODAN to explore Devices on Network
- TheHarvester & Recon-Ng for Information Gathering
- HTTrack for Website Mirroring

Module#3: Looking for Entry Point
[Scanning, Fingerprinting & Spidering]
- Scanning: Identifying Services & Configurations
- Fingerprinting Web Server
- Software Configuration level flaws
- Vulnerability Case Study: ShellShock
- Spidering/Crawling
- Fuzzing:
  o About, What to Look for
- Directory Browsing
Scoped LAB
- Exploring NMAP for different Scan Options
- Testing HTTP methods with Netcat
- Server Scan with Nikto
- Testing Shellshock Vulnerability
- Burp Suite (Spidering), Wappalyzer, CeWL
- Fuzzing with FuzzDB & Burp Suite (Intruder) to explore Files & Locations
- Using Dirbuster & ZAP to explore hidden Directories
- Google to Search hidden Public directories

Module#4: Analysing A.A.A. Concerns
- About Authentication, Different Schemes
- Username Harvesting
- Side Channel & Timing Attacks
- Browser Cache Weakness
- Cracking Weak Passwords
- Single Sign-On
- About Authorization
- Insecure Direct Object References


- Directory Traversal Attacks
- About Accountability
- Error Code Analysis
- Security best Practices for A.A.A.
Scoped LAB
- Using ZAP to explore different Authentication Schemes and Username harvesting
- Brute Forcing Weak Passwords
- Exploiting Insecure Direct Object References
- Exploiting Directory Traversal Vulnerability

Module#5: Session Management
- Stateless Nature of HTTP
- Introducing Sessions & Tracking Methods
- Session Tokens or SessionID
  o Analysis & Exploring Randomness
- Session Fixation & Hijacking
- Session Tampering, Splitting & Smuggling
- Securing Cookies: Flags & Attributes
- Cross Site Request Forgery
Scoped LAB
- Using Burp Suite (Sequencer) to analyse Session Randomness
- Exploring Session Tampering, Fixation & Hijacking Attacks
- Exploring Session Splitting & Smuggling Attacks
- Use Case of Secure Cookie Flags & Attributes
- XSRF Attack demonstration

Module#6: Python & Java Script for Pen-Testers
- Python & Java Script: Primer
- Crafting HTTP Request & Attack scenarios with Python & Java Script [LAB]

Module#7: Injection Attacks
- Command Injection: About, Root Cause
- [Local/Remote] File Inclusion Vulnerability
- SQL Query: Primer
- SQL Injection (SQLi)
  o About, Root Cause, Analysis
  o Type of Injection attacks
- Scoping Attacks with SQLi
Scoped LAB
- Explore Command Injection Vulnerability
- Explore LFI/RFI Vulnerability
- Explore different SQLi Detection methods, Attacks & Use Cases
- Using BBQSQL & SQLMAP for exploiting SQLi flaw
- Using Havij for SQLi

Module#8: Cross Site Scripting (XSS)
- Document Object Model (DOM)
- XSS
  o Overview, How it Works, Types
  o Testing Methods, Attack Scope
- Same Origin Policy
- HTML Injection
- XSS with POST
- AJAX
  o Overview, XMLHttpRequest, Mash-Ups
  o Libraries/Frameworks & related Flaws
  o Exploring Attack Surfaces
- JSON
  o Overview, Attacks
  o XSS on AJAX JSON Objects
Scoped LAB
- XSSer, XSSsniper, XSScrapy, BeEF to explore XSS Vulnerability
- Using Burp Suite (Intruder) to Fuzz with XSS Inputs
- Exploring HTML Injection
- Exploring XSS in AJAX & JSON Objects

Module#9: Buffer Overflow Attacks
- Heap & Stack Overflow
- Format String Vulnerabilities [LAB]

Module#10: Scanners & Frameworks
- W3af [LAB]
- Metasploit Framework [LAB]

Module#11: Web Application Filters and Firewall (WAF)
- Web Application Defences: Filtering & Firewall
- Filtering
  o .NET & ESAPI Filtering Options
- Web Firewall
  o Types, Detection & Attack methods
Scoped LAB
- Exploring filtering & WAF more in detail
- Exploring ModSecurity Attack Detection mechanism
- Using BurpSuite Intruder & FuzzDB list to fingerprint ModSecurity

For more details, visit www.hack2secure.com/wastws

About WASD Exam

Globally Available | Proctored | 180 mins | 90 MCQ | Passing Grade: 60% | Exam Language: English

The Web Application Security Defender (WASD) Certificate program evaluates an individual's implementation-level skills required for Web Application Security Assessment. This program ensures the candidate's awareness of Application Security challenges, risks, tools, techniques and methodologies, along with hands-on practical knowledge and skill-sets.

WASD is based on Application Security industry standards and best practices and ensures knowledge and understanding of Secure Web Application Assessment requirements. It walks through the different phases/domains of Application Security Testing and provides the practical strategies and methodologies required to evaluate Security at every level.

Evaluate your Skills in Web Application Security Assessment

Phases of Web Application Security Assessment
- Defining Objectives
- Information Gathering
- Conduct Assessment
  o Configuration & Deployment Management
  o Identity Management
  o Authentication and Authorization
  o Session Management
  o Input Validation
  o Error Handling
  o Testing Cryptography
  o Business Logic Testing
  o Client Side Testing
- Reporting

Benefits
- Validates your practical expertise and knowledge in Web Application Security Assessment
- Get Global Recognition and Credibility
- Ensures Real Time skills required to handle Web Application Security Risk
- Demonstrate knowledge of Industry Standards and Best Practices
- Ensures effective skills to measure and implement Security Controls

To Schedule WASD Exam,
www.pearsonvue.com/hack2secure
For more details, visit www.hack2secure.com/wasd

FREQUENTLY ASKED QUESTIONS (F.A.Q.)


What to Expect?
- 7 Days of intensive, deep-dive, hands-on practice sessions
- Dedicated Lab Setup for each Student
- Slide-deck & Lab-guide
- Training & CPE Certificate from Hack2Secure

What NOT to Expect?
- WASD exam attempt Voucher (Unless specifically provided by H2S or Partner)
- Deep-dive into Information Security basic concepts, apart from the scoped curriculum
- Deep-dive on any Web Programming Language or Technology
- Any distribution of Licenses or Keys for Commercial Security Tools
- Job Opportunity (But it will be easy to find with this curriculum and skill-set)
- Travel, Accommodation
- Breakfast, Lunch, Dinner (Unless specifically provided by H2S or Partner)

What other exams, apart from WASD, can I appear for after attending this program?
This workshop is scoped around the OWASP Web Application Security Testing Guide, which is the primary base for most (vendor-independent) Web Application Security certification programs, such as GIAC's Web Application Pentester (GWAPT). From a GWAPT perspective, this Web Application Security Testing program is designed to cover almost all sections and topics of the exam curriculum.

What is the scope of this program? Which Web Security tools can I expect to learn as part of the curriculum?
As mentioned earlier, this workshop is scoped around the OWASP Web Application Security Testing Guide. It also covers the OWASP Top10 Web Application Security Risks from an analysis, testing and defence best-practices perspective.
This program primarily utilizes tools like Burp Suite, Zed Attack Proxy (ZAP), Nmap, Metasploit Framework (from a Web Security perspective), FuzzDB, Nikto, W3af, SQLMAP, XSSer, BeEF etc., along with a number of other Web Security Assessment scripts & tools.

How can this program assist in my professional growth?
Today, the Information Security market is witnessing a surge in demand for skilled Security Professionals. As per Techcrunch, companies have now started giving preference to professionals who possess Information Security skills along with domain knowledge, in order to combat the cyber security job crunch. Professionals possessing a Technical Certification in the Security domain tend to get much higher preference and are growing faster in the industry.

Will I have brighter job prospects after attending this program?
In 2016-17, the Web Application Security domain alone created approx. 12,500 IT Security job postings in India (Source: Naukri.com & LinkedIn Jobs). Companies around the world use certifications to ensure job candidates possess in-depth technical skills. Due to its in-depth practical orientation, WASD assures the hiring employer that a candidate is equipped with the required security skills and know-how to get the job done.


About Hack2Secure
Hack2Secure
Inspire, Induce, Innovate
The IT Industry has evolved from standalone desktops and independent applications to complex Cloud environments. Today, technology has become advanced enough to reduce costs in terms of hardware, software, development and maintenance; however, this has created an increased risk to SECURITY.

Hack2Secure excels in the Information Security domain and offers customised IT Security programs, including Training, Services and Solutions. Our programs are designed by industry experts and tailored to specific needs. We strive to serve with quality, efficiency and timely delivery through our team of experienced and certified Information Security professionals. We help students, professionals and companies with the knowledge, tools and guidance required to be at the forefront of a vital and rapidly changing IT industry.

End-to-End Security Services


Hack2Secure offers IT Security Professional Services to provide ways to stay ahead of Security Threats through adaptive and proactive Security methods like:
- Secure Software Development Lifecycle
- Secure Application Design & Threat Modeling
- Application Security Testing
- Application/Network/Infrastructure Risk Assessment
- Consulting

Security Training
Vendor Independent, Customizable, Across Domains, Multiple Levels
Hack2Secure excels in delivering intensive, immersive security training sessions designed to master the practical steps necessary for defending systems against dangerous security threats. Our wide range of fully customizable training courses allows individuals to master different aspects of Information Security as per their industry requirements and convenience.

Delivered Training to more than 15k+ Professionals Globally


Customizable Security Training Programs, aligned with Business Requirements

Security Certification
Globally delivered and Proctored Security Certification programs with PearsonVUE
Vendor Independent Programs based on Industry Security Standards and Practices

For more details, visit www.hack2secure.com/about-us


www.hack2secure.com | info@hack2secure.com
www.hack2secure.com
training@hack2secure.com
+91 (80) 49 58 32 99
+91 (80) 49 58 33 99

HACK2SECURE
@hack2secure
Hack2Secure.India

Hack2Secure, #681, First Floor, 15th Cross, 8th Main, 2nd Phase,
J.P. Nagar, Bangalore, Karnataka, 560078

Information Security Training, Services & Solutions to keep you at the forefront of the IT Industry
