This module covers the basic terminologies used in the whole course module. This essentially covers some well known terms such as injection point, different sides of the web, where to find bugs, what to look for and what not to look for and also how exactly you can find weaknesses in a web-application.

1. Front end - contents and approach
2. Back end - contents and approach
3. Weakest and the strongest part of a website

Gathering information and knowledge about the target machine or network infrastructure is the first step in ethical hacking. Information gathering a.k.a Reconnaissance, the first step of ethical hacking, is a collection of procedures and techniques used to gather and collect information about the target device or network system. In this module we will learn how to perform reconnaissance in web-applications.

1. Setting up the lab
2. Installing tools
3. Choosing the target
4. Practical approach to information gathering

Burp, also known as Burp Suite, is a collection of tools for web application penetration testing. Portswigger is the organisation that produced it. Among experienced web app security researchers and bug bounty hunters, it is the most widely used tool.

1. What is burp-suite
2. Installation and set-up
3. Setting up burp suite to understanding its different components
4. Using burp-suite on a live target

The Open Web Application Protection Project (OWASP) is a non-profit organisation dedicated to the security of web applications. One of OWASP's fundamental values is that all of their materials should be freely available and easy to find on their website, allowing everyone to enhance the security of their own web applications. Documentation, software, videos, and forums are among the resources available. The OWASP Top 10 is perhaps their most well-known project.The OWASP Top 10 is a regularly updated report that outlines web application security issues, focusing on the ten most important threats.

1. What is OWASP
2. OWASP top 10 and the approach towards auditing a web-application

The injection of malicious code into a compromised web application is known as cross-site scripting (XSS). An effective cross-site scripting attack can be extremely damaging to an online business's credibility and client relationships. User accounts can be hacked, Trojan horse programmes enabled, and page content changed, depending on the nature of the attack, duping users into willingly handing over their personal information. In this module we will learn the basic of XSS.

1. What is xss
2. Types of XSS
3. Basics methodology
4. Basic payloads and its usage

The injection of malicious code into a compromised web application is known as cross-site scripting (XSS). An effective cross-site scripting attack can be extremely damaging to an online business's credibility and client relationships. User accounts can be hacked, Trojan horse programmes enabled, and page content changed, depending on the nature of the attack, duping users into willingly handing over their personal information. In this module we will learn how to look for xss and how to apply it on a live target.

1. Hunting for xss
2. Application of xss on a live target

The injection of malicious code into a compromised web application is known as cross-site scripting (XSS). An effective cross-site scripting attack can be extremely damaging to an online business's credibility and client relationships. User accounts can be hacked, Trojan horse programmes enabled, and page content changed, depending on the nature of the attack, duping users into willingly handing over their personal information. In this module we will learn how to manually build and deploy xss payloads.

1. Building manual payload
2. Automatic application of payloads on a target

It is common practise to host several websites or web applications on the same IP address on the same web server. This is why the host header was created. An incoming HTTP request's host header defines which website or web application can handle it. The value of this header is used by the web server to route the request to the required website or web application.

1. Overview of host header injection
2. Open redirection
3. Cache poisoning
4. XSS through host header

Bypassing the system authentication mechanism, an authentication bypass vulnerability may enable attackers to perform a variety of malicious operations. What's the problem - A weak authentication mechanism is at the root of the authentication bypass exploit. An attacker may bypass authentication if an organisation fails to implement strict access policies and authentication controls. Attackers search for unprotected files, gain access to them, collect information, and then attempt to attack protected applications by circumventing the authentication framework.

1. What is authentication bypass
2. Authentication Bypass Exploitation Captcha
3. Authentication Bypass to Account Takeover
4. Authentication Bypass due to OTP Exposure

Cross-site request forgery (CSRF), also known as XSRF, Sea Surf, or Session Riding, is an attack vector that uses a web browser to trick it into performing an unauthorised action in an application where the user is logged in. An effective CSRF attack has the potential to be disastrous for both the company and the customer. Client relationships can be harmed, funds transferred without authorization, passwords modified, and data stolen, including session cookies.

1. CSRF - overview
2. CSRF on lab
3. CSRF in depth

Web browsers use a variety of principles to enforce web application protection, one of the most critical of which is the Same-Origin Policy (SOP). The SOP's goal is to prevent scripts loaded on the origin from interfering with resources hosted on other origins. An origin is made up of a protocol, hostname, and port combination.CORS is a World Wide Web Consortium (W3C)-defined extension to the SOP that allows web applications to add the origins that are required to read responses to cross-domain requests to an allowlist and implement it at the client browser level.

1. How CORS Works
2. CORS Mitigations
3. CORS report analysis

SQL injection, also known as SQLI, is a popular attack vector in which malicious SQL code is used to manipulate backend databases and gain access to data that was not intended to be displayed. This data could include everything from confidential company data to user lists to private customer information.

1. SQL injection concept
2. Lab setup
3. Injection point for SQL injection
4. Get based SQLI
5. POST based SQLI
6. Header based SQLI

A cyber attack involving the execution of arbitrary commands on a host operating system is known as command injection (OS). Typically, the threat actor injects the commands by taking advantage of an application flaw, such as a lack of input validation. Direct execution of shell commands, inserting malicious files into a server's runtime system, and leveraging vulnerabilities in configuration files, such as XML external entities, are all examples of command injection (XXE).

1. Background concept about command injection
2. Command injection on LAB
3. Exploitation of command injection

In this module we will revise the sessions and we will learn how to convert all of this found vulnerabilities into a nicely drafted report. We will also be talking about e-mail templates and how to provide proof of concepts for each and every found vulnerabilities.

1. Industry standard report for auditing
2. Bug bounty POC and report writing