Complete Web Application Penetration Testing Practical C|WAPT



Hello everyone..!!

Welcome to the CWAPT, i.e. the Complete Web Application Penetration Testing Practical Course. My name is Debayan Dey and I am going to be your instructor for the CWAPT course.

This course is designed for anyone who is interested in learning how an attacker attacks and obtains information from a website by exploiting various vulnerabilities.

CWAPT is designed keeping in mind that most of us have a laptop or computer to work on most of the time. In a survey, we found that the majority of computer users are very interested in learning how web application penetration testing works and what methods we use, with penetration testing and security skills, to find different vulnerabilities in web applications. As we all know, websites and web servers play a crucial role in every modern organization. That's why, for this course curriculum, you only need a computer, and the complete course is 100% practical! Isn't this amazing? Everything will be explained thoroughly, followed by reading materials and quizzes, which will give you a boost in the field of ethical hacking! So, all in one, you only require a computer to turn it into a powerful ethical hacking machine.

A little brief about myself: I'm a Certified Secure Computer User (CSCU) v2 and a Certified Ethical Hacker (CEH v10) from EC-Council.

I'm also Google IT Support certified from Google, and currently doing a MicroMasters in the field of Cyber Security from Rochester Institute of Technology (RIT), New York, on edX.

Here are a few of my other accomplishments in the field of cyber security:

Introduction to Cyber Attacks, New York University

Introduction to Cyber Security for Business, University of Colorado System

Palo Alto Networks Academy Cybersecurity Foundation, Palo Alto Networks

International Cyber Conflicts, The State University of New York

Cyber Attacks Countermeasures, New York University

Networking and Security Architecture with VMware NSX

Enterprise System Management and Security, University of Colorado System

Beyond that, we'll have a meet and greet section to get to know other learners …!!!

So what's there in this CAEHP course?

First of all, I would like to tell you that this course isn't limited by time. You may see 4 or 5 sections today; once you land in this course after a few weeks, you will see that more sections and videos have been added. So this is the advantage of taking this course: you're going to get regular updates about new features and attacks, and how you, as an individual as well as an organization or company, can prevent such an attack.

The key outcome of web application penetration testing is to identify security weaknesses across the whole web application and its components (source code, database, back-end network). It also helps in prioritizing the identified vulnerabilities and threats, and possible ways to mitigate them.

So keeping these outcomes in mind, in the 1st section of the CWAPT course,

you'll go through setting up the lab environment, wherein you'll download and install VirtualBox, then Kali Linux 2020, and the entire configuration.

Meet and Greet !!!

Downloading and installation of VirtualBox

Understanding what a virtual machine is

Download of Kali Linux VirtualBox image

Installation of Kali Linux 2020

Booting up Kali in VirtualBox for the first time

Default login and update and upgrade

Full screen and understanding FSH, i.e. File System Hierarchy

and much more with Reading Materials and Quizzes ..!!

In the 2nd section,

we will go through various commands used in Kali Linux and get familiar with our hacking machine. This section is very important as you will be learning the basic commands which we'll be using in our course, so make sure you understand this section very clearly.

Basic Linux command who am i

Basic Commands su and pwd

Basic command ls touch nano

Basic command cat cp mkdir

Basic Command mv and rm

System and User Commands

Network commands

Add New User with full sudo Permission

How to delete a user from the command line

and much more with Reading Materials and Quizzes ..!!

The next section, i.e. our 3rd section, will cover DVWA.

What is DVWA?

DVWA is the Damn Vulnerable Web App, coded in PHP/MySQL. Seriously, it's too vulnerable. In this app, security professionals and ethical hackers test their skills and run their tools in a legal environment. It also helps web developers better understand the processes of securing web applications, and teachers/students to teach/learn web application security in a safe environment.

What is DVWA

XAMPP Theory and Installation

DVWA download Install and configuration with XAMPP

Command Injection Low , Medium and High Security

File Inclusion Low , Medium and High Security

File Upload Low , Medium and High Security

XSS DOM Low , Medium and High Security

XSS Reflected Low , Medium and High Security

XSS Stored Low , Medium and High Security

and much more with Reading Materials and Quizzes ..!!

The aim of DVWA is to practice some of the most common web vulnerabilities, with various difficulty levels.

We're going to learn what DVWA is used for; we'll use XAMPP and understand how it works.

As the name suggests, DVWA has many web vulnerabilities. Every vulnerability has four different security levels: low, medium, high and impossible. The security levels provide a challenge to the 'attacker' and also show how each vulnerability can be countered by secure coding.

We'll cover command injection, file inclusion, file upload and various cross-site scripting attacks, we'll work with Burp Suite, and much more.

So every month, you will get regular updates in this DVWA section.

Coming to our 4th section, we'll work with OWASP Mutillidae.

OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. It has over 40 vulnerabilities and challenges, and contains at least one vulnerability for each of the OWASP Top Ten 2007, 2010, 2013 and 2017.

Download and install Mutillidae II

Root access denied fixed

SQL Injection

SQL Injection Reexplained

SQL injection with sqlmap

How to solve the show hints in security level 5 challenge

How to scan a web server using Nikto

XSS in Mutillidae: Theory and Practical

DOM based XSS Explanation

Reflected XSS

Stored XSS

BeEF Framework

and much more with Reading Materials and Quizzes ..!!

So from a range of 40 vulnerabilities, first we're going to cover SQL injection, sqlmap, how to solve security level challenges, how to scan web servers using Nikto, and various XSS attacks. More importantly, we'll learn the usage of Burp Suite and the BeEF Framework, which is very essential to know and learn from a website penetration tester's perspective, and we have much more to cover in this section as well.

So every month, you will get regular updates in this Mutillidae section as well.

Coming to our next section, i.e. the 5th section, we have OWASP Juice Shop.

OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs etc.

What is OWASP Juice Shop, and installation of Node.js and npm

OWASP Juice Shop up and running

Finding the Score Board Level 1 Difficulty Challenge

Zero Star Feedback Level 1 Difficulty Challenge

Access Confidential Document Level 1 Difficulty Challenge

DOM based XSS Level 1 Difficulty Challenge

Error Handling Level 1 Difficulty Challenge

Missing Encoding Level 1 Difficulty Challenge

Bonus Payload DOM XSS Level 1 Difficulty Challenge

Exposed Metrics Level 1 Challenge

Outdated WhiteList Level 1 Challenge

Privacy Policy Level 1 Difficulty Challenge

Repetitive Registration Level 1 Difficulty Challenge

and much more to cover …!!!

Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

Currently there are 6 levels in OWASP Juice Shop. We'll start with level 1 and gradually increase the difficulty level.

We're going to cover missing encoding, error handling security, confidential documents, how to extract sensitive data, how we can invade privacy policy, weird cryptographic issues and much more.

So every month, you will get regular updates in the OWASP Juice Shop section as well.

So, by going through all these sections, you will be comfortable enough to understand how web application penetration testing works, and with regular updates you will be able to brush up your skills as well.

Plus you will have a bonus section as well, which will guide you through various upcoming courses as well as my Instagram page and YouTube channel, where you will get regular updates in the field of cyber security and travel and tourism across the globe.

So all the sections will cover Quizzes, Assignments and Reading Materials.

Also, all the sections will be updated on a regular basis and new sections will also be added, so once you're enrolled in the course, you'll surely learn various techniques by which attackers attack and how we can keep ourselves safe from getting attacked.

Most importantly, this course is completely for educational purposes.

All the attacks which an attacker performs are demonstrated to you so that you understand the technology and the art behind them and are not fooled by any kind of social engineering.

This course is for educational and awareness purposes, to make everyone aware, be safe and protect your data.

It's a request: please don't perform any illegal activities. Udemy and I (Debayan Dey) are not responsible for any illegal activities you perform.

Feel free to reach out at any point of time; I will be happy to help you, and if you face any problem, just post your doubts and you'll be answered within 24 to 48 hours ..!!!!!

So, welcome to the world of the Complete Web Application Penetration Testing Practical Course.

Are you excited to learn a 100% complete practical course and help your family, organization and company stay secured and safe from data theft and from hackers?

Wish you all the best !!!

Do follow our Instagram page and YouTube channel for regular updates.

Wish you all the best …!!!!

See you on the course landing page ….!!!!

Who this course is for:

Anybody interested in learning website & web application hacking / penetration testing
Anyone who is curious about how data is leaked from social media environments
Anybody interested in website hacking
Anyone who is afraid of being hacked and would like to secure his/her websites
Anybody interested in learning how to secure websites & web applications from hackers
Web admins, so they can secure their websites
Web developers, so they can create secure web applications & secure their existing ones