Malcolm Shore Ethical Hacking: Hacking Web Servers And Web Applications: Course Fixed

| Module | Topics Covered |
|--------|----------------|
| 1. Introduction | Ethical hacking principles, legal considerations, course setup |
| 2. Web Server Hacking | Server fingerprinting, directory brute-forcing, misconfiguration exploits, HTTP methods (PUT/DELETE risks) |
| 3. Web App Recon | Google dorking, robots.txt analysis, Wappalyzer, Burp Suite setup |
| 4. OWASP Top 10 Deep Dive | SQL injection (error-based, blind), Cross-Site Scripting (reflected, stored, DOM), CSRF, broken authentication, SSRF |
| 5. Exploitation Tools | Using SQLmap, OWASP ZAP automated scans, Burp Intruder/Repeater |
| 6. Defense & Reporting | Input validation, parameterized queries, CSP headers, patch management, writing pentest reports |
| 7. Conclusion | Final challenge lab (simulated vulnerable web app) |

Malcolm, the instructor, provided feedback and guidance, encouraging Emily to continue learning and practicing her skills. With her newfound knowledge and skills, Emily was ready to take on real-world challenges and make a difference in the field of cybersecurity.

: Techniques for SQL injections and injecting commands directly through URL strings.

The course concludes with practical scenarios to solidify skills: Training in the .

Emily started by scanning the web server and web application using Nmap and ZAP. She identified several open ports, including port 80 (HTTP) and port 443 (HTTPS). She also discovered that the web application was built using PHP and MySQL.

: The curriculum heavily features the Open Web Application Security Project (OWASP) and maps directly to the 20 parts of the EC-Council CEH exam.

Detailed Course Guide

1. Introduction to Web Fundamentals
