eWPT Preparation

| Module | Course (name and link) | My notes on HackingLife |
|---|---|---|
| 01 | Introduction to Web application testing | HTTP and HTTPS; Phases of a web application security testing |
| 02 | Web Enumeration & Information Gathering | Information gathering |
| 03 | WAPT: Web proxies and Web Information Gathering | BurpSuite; OWASP Zap |
| 04 | XSS Attacks | Cross Site Script vulnerabilities; XSSer |
| 05 | SQL Injection Attacks | SQL injection (mysql, mssql, postgreSQL, mariadb, oracle database); NoSQL injection (sqlite, mongodb, redis); SQLi Cheat sheet for manual injection; Burpsuite Labs |
| 06 | Testing for common attacks | Testing HTTP Methods; Attacking basic and digest authentication, and OTP; Session management; Session fixation; Session hijacking; CSRF; Command injections; RCE attack - Remote Code Execution |
| 07 | File and Resource attacks | Arbitrary File Upload; Directory Traversal attack; Local File Inclusion (LFI); Remote File Inclusion (RFI) |
| 08 | Web Service Security testing | Web services |
| 09 | CMS Security testing | Pentesting wordpress |
| 10 | Encoding, Filtering & Evasion | Data encoding; Input filtering |

eWPTX

| Module | Course name | My notes on HackingLife |
|---|---|---|
| 01 | Encoding and filtering | Data encoding; Input filtering |
| 02 | Evasion Basics | |
| 03 | Cross-Site Scripting | Cross Site Script vulnerabilities |
| 04 | Filter evasion and WAF Bypassing | |
| 05 | Cross-Site Request Forgery | |
| 06 | HTML 5 | |
| 07 | SQL Injection | |
| 08 | SQLi - Filter Evasion and WAF Bypassing | |
| 09 | XML Attacks | |
| 10 | Attacking Serialization | |
| 11 | Server Side Attacks | |
| 12 | Attacking Crypto | |
| 13 | Attacking Authentication & SSO | |
| 14 | Pentesting APIs & Cloud Applications | |
| 15 | Attacking LDAP-based Implementations | |

Last update: 2024-04-16
Created: February 2, 2024 18:59:47