Hacktify Certified Pentester

Overview
Curriculum
Instructor

About the Certification

Our "Hacktify Certified Pentester" Certification is a comprehensive program meticulously crafted to empower you with the skills and knowledge necessary for the critical task of assessing and securing web applications. In today's increasingly digital landscape, the security of web applications is more crucial than ever. This certification offers a well-structured and hands-on approach to help you not only comprehend the wide array of web application security risks but also to master the methodologies required to effectively mitigate them. As cyber threats continue to evolve, the demand for individuals proficient in web application security is at an all-time high. By the end of this certification, you'll have the competence and confidence to safeguard web applications against vulnerabilities and potential security threats, ensuring their robust protection in an ever-changing digital world. Join us and become a skilled web application security professional who can confidently address the challenges of today's cyber landscape.

What will you learn?

"In this comprehensive Certification, you will master the art of web application security. Covering 18 modules, you'll gain expertise in penetration testing fundamentals, authentication bypass, XSS vulnerabilities, rate limiting, CSRF attacks, and more. Learn to identify and mitigate security risks, including SQL injection, SSRF, and subdomain takeovers. Discover top bug bounty platforms and develop the skills needed to assess and secure web applications. This Certification empowers you to protect digital assets in an ever-evolving digital landscape."

Introduction
Penetration Testing Fundamentals
Authentication Bypass
Cross Site Scripting
Rate Limiting
CSRF
Open Redirect
Cross Origin Resource Sharing Attacks
Click Jacking Attacks
HTML Injection Attacks
Broken Link Hijacking
Session related Issues
SQL Injection Attacks
Server Side Request Forgery
Local File Inclusion
Remote Code Execution
Subdomain Takeovers
Bug Bounty RoadMap
Capstone Project

Module 01

Introduction | 02 Hours

Types of Hackers
Introduction to VAPT
VAPT vs Bug Bounties
Some Basic Terminologies
Setting Up your Hacking environment

Module 02

Penetration Testing Fundamentals | 02 Hours

OWASP10
OWASP 2013 vs 2017 vs 2021
Mitre Framework
Top 10 Rules for Bug Bounties
CVSS Framework

Module 03

Authentication Bypass | 04 Hours

OTP Bypass
Captcha Bypass
Response Manipulation
Status code manipulation
OTP Code leakage
JS File Analysis
2FA Code Reusability
Lack of Bruteforce Protection
Missing 2FA code integrity validation
Password Reset Disable 2FA
Backup Code Abuse
Clickjacking disables 2FA
Enabling 2FA doesn’t expire previous
sessions
Bypass 2FA with null or 00000
Mitigations

Module 04

Cross Site Scripting | 04 Hours

Reflected XSS
Stored XSS
DOM XSS
Blind XSS
Post based XSS
Post Message
Mitigations

Module 05

Rate Limiting | 02 Hours

No Rate Limiting
Rate Limit Bypass using headers
Rate Limit Bypass using special
Characters
Race Conditions
Mitigations

Module 06

CSRF | 02 Hours

CSRF Attacks
CSRF to Account Takeover
CSRF to Account Delete
CSRF Bypass Techniques
Mitigations

Module 07

Open redirect | 02 Hours

Open Redirect Attack
Open Redirect DOM Based Attacks
Open Redirect Bypasses
Mitigations

Module 08

Cross Origin Resource Sharing Attacks | 02 Hours

CORS Attacks via CURL
CORS Attacks via Burpsuite
CORS Attacks Suffix match
CORS Attacks Prefix Match
CORS Attacks Not escape dot
CORS Attacks Substring Match
CORS Attacks Trust Null
CORS Attacks Mitigations

Module 09

Module 09

Click Jacking Attacks | 02 Hours

X-Frame Options
iFrames
Mitigations

Module 10

HTML Injection Attacks | 02 Hours

HTML Injection Iframes
HTML Injection Deface
Mitigations

Module 11

Broken Link Hijacking | 02 Hours

Broken Link Hijacking – Social Media 4 Links
Broken Link Hijacking – Github/S3 Buckets
Mitigations

Module 12

Session related Issues | 02 Hours

Session Hijacking
Session Fixation
Failure to Invalidate Session
Mitigations

Module 13

SQL Injection Attacks | 04 Hours

SQL Injection Types
SQL Injection with SQLMap
SQL Injection Bypass with Atlas
Mitigations

Module 14

Server Side Request Forgery | 02 Hours

SSRF Fundamentals
Internal SSRF
External SSRF
Microstratergy SSRF
Mitigations

Module 15

Local File Inclusion| 02 Hours

Local File Attacks
Local File MPEG Attacks
Local File Inclusion Linux Attacks
Local File Inclusion Windows Attacks
Mitigations

Module 16

Remote Code Execution | 02 Hours

RCE
Apache Struts2 RCE
File Upload RCE
Apache Tomcat WAR RCE
Mitigations

Module 17

Subdomain Takeovers | 02 Hours

Active Subdomain Takeovers
Passive Subdomain Takeovers
Subdomain Takeovers – AWS
Subdomain Takeovers – Shopify
Subdomain Takeovers – Can I Take Over
XYZ 2
Subdomain Takeovers – New Exclusive
Takeover Template
Mitigations

Module 18

Bug Bounty Road Map | 02 Hours

Bugcrowd Platform
Hackerone Platform
Intigriti Platform
RVDP NCIIPC
Private RVDP Programs

Module 19

Capstone Project | 04 Hours

Web App Capstone Project
Professional Report Writing

Exam – MCQ + Practical | 04 Hours

Our Instructor

Meet Our Expert Instructor

Rohit Gautam

Hacktify Certified Instructor

Winner of Cyber Security Samurai of Year 2023, Director at Hacktify, Principal Security Consultant, Adjunct Prof. at Mandsaur University.

Shifa Cyclewala

Hacktify Certified Instructor

Winner of Top 20 Women Influencers Cyber Security in India 2022. Winner of Top Women Influencer Cyber Security in India 2023 by Bsides Bangalore.

hacktify team

Hacktify Certified Instructor's

We are a team of passionate cybersecurity experts, hackers turned ethical defenders, and technology enthusiasts Blue Team Cyber Suraksha 2023 Indian Army 2021 (Sainya Ranakshetram) Hackathon by Karnataka Govt. 2020 CIT Hackathon 2022 Noob Army Vulncon 2020 Southern California Tech Summit 2021

Month

0 +

Labs

24/7

Support

BENEFITS OF HACKTIFY CERTIFIED PENTESTER

Comprehensive Introduction to Web Application Security: This course offers a comprehensive introduction to web application security, equipping students with a strong foundational knowledge of the key concepts and terminologies related to security in web applications.

Expertise in Penetration Testing Fundamentals: Students gain a deep understanding of penetration testing fundamentals, including insights into the OWASP Top Ten, Mitre Framework, and CVSS Framework. This knowledge is invaluable for identifying vulnerabilities and conducting security assessments.

Authentication Bypass Skills: Students learn various techniques for authentication bypass, including OTP bypass, captcha bypass, and response manipulation. This knowledge is crucial for identifying and mitigating vulnerabilities related to user authentication.

Proficiency in Handling Cross-Site Scripting (XSS) Vulnerabilities: XSS is a prevalent web application security issue. This course covers various types of XSS attacks, along with mitigations, enabling students to recognize and remediate these vulnerabilities effectively.

Rate Limiting and CSRF Expertise: The course delves into rate limiting and CSRF (Cross-Site Request Forgery) attacks, including their impact and mitigation techniques. Students develop the skills necessary to prevent and address these security threats.

Real-World Application: With a capstone project at the end of the course, students have the opportunity to apply the knowledge gained in a practical context. They'll engage in a web application security project and learn professional report writing, preparing them for real-world scenarios.