eWPT Preparation

Module	Course (name and link)	My notes on HackingLife
01	Introduction to Web application testing	-HTTP and HTTPs - Phases of a web application security testing
02	Web Enumeration & Information Gathering	Information gathering
03	WAPT: Web proxies and Web Information Gathering	- BurpSuite - OWASP Zap
04	XSS Attacks	- Cross Site Script vulnerabilities. - XSSer
05	SQL Injection Attacks	- SQL injection: mysql, mssql, postgreSQL, mariadb, oracle database - NoSQL injection: sqlite-injections, mongodb, redis - SQLi Cheat sheet for manual injection - Burpsuite Labs
06	Testing for common attacks	- Testing HTTP Methods - Attacking basic and digest authentication, and OTP - Session management - Session fixation - Session highjacking - CSRF - Command injections - RCE attack - Remote Code Execution
07	File and Resource attacks	- Arbitrary File Upload - File inclusion attacks - Local File Inclusion (LFI) - Remote File Inclusion (RFI)
08	Web Service Security testing	- Web services
09	CMS Security testing	- Pentesting wordpress
10	Encoding, Filtering & Evasion	- Data encoding - Input filtering

eWPTX

Module	Course name	My notes on HackingLife
01	Encoding and filtering	- Data encoding - Input filtering
02	Evasion Basics
03	Cross-Site Scripting	- Cross Site Script vulnerabilities.
04	Filter evasion and WAF Bypasssing
05	Cross-Site Request Forgery
06	HTML 5
07	SQL Injection
08	SQLi - Filter Evasion and WAF Bypassing
09	XML Attacks
10	Attacking Serialization
11	Server Side Attacks
12	Attacking Crypto
13	Attacking Authentication & SSO
14	Pentesting APIs & Cloud Applications
15	Attacking LDAP-based Implementations

Last update: 2025-01-26
Created: February 2, 2024 18:59:47