starter part 6

11. Email Security

12. Achieving a web penetration testing methodology


Pentest methodology

OWASP Testing Guide v4 - includes a "best practice" penetration testing framework. OWASP WSTG - is a comprehensive open source guide to testing the security of web apps.



Keeping notes during a pentest

Scoping a Pentest

Web Penetration Testing


Read Web For Pentester 1, 2 Web Security Generic Misconceptions Automated vulnerability analysis with owasp zap Applications to Automate VAPT


Burpsuite Course


Using Burpsuite Installing Burpsuite extensions

12.1 OWASP Top 10 Attacks

o Sensitive Data Exposure o Insecure Direct Object References o SQL Injections • Authentication Bypass Injection • Blind Injections • Error Based Injection • Union Based Injection • Stacked Query Injection • Time Based Injection o Cross Site Scripting (XSS) o Broken Authentication and Session Management o CSRF o Missing Function Level Access Control o Invalidated Redirects and Forwards o Security Misconfiguration o Using components with known vulnerabilities

12.2 Common web Vulnerabilities

-Code execution -Local file inclusion -Remote file inclusion -Brute Forcing Attack -Heartbleed Attack -Shell Shock / Bashbug -HTTP Response Splitting -Denial Of Service Attacks -Arbitrary File Upload

12.3 Web Pentesting Tryhackme Rooms (@xan0er)

13.Password cracking

-Making custom wordlists -Rainbow tables and where to find -Make rainbow tables -Bruteforce attacks -Password spraying -Credential stuffing -Top wordlists:

13.1 Password cracking Tryhackme Rooms (@xan0er)