top of page

Network and Web Application Penetration Testing Course

This intensive 40-day course covers both network and web application penetration testing. Each week, students will explore different aspects of penetration testing, followed by practical lab sessions to reinforce their learning. Our curriculum is built to provide a deep understanding of various tools and techniques used in the industry, ensuring students gain practical experience with open-source tools and platforms.

nwapt.png

Week 1: Introduction to Penetration Testing (Days 1-5)

  • Topics Covered:

    • Overview of Penetration Testing

    • Legal and Ethical Considerations

    • Setting Up a Lab Environment

    • Basic Networking Concepts

  • Labs:

    • Setting up VirtualBox/VMware with Kali Linux

    • Basic network configuration and testing with tools like Wireshark

Week 3: Network Scanning and Enumeration (Days 11-15)

  • Topics Covered:

    • Network Scanning Techniques

    • Port Scanning and Service Enumeration

    • Identifying Network Vulnerabilities

  • Labs:

    • Advanced Nmap usage for network scanning

    • Enumerating services with tools like Enum4linux and SNMPwalk

    • Vulnerability scanning with OpenVAS and Nessus

Week 5: Web Application Penetration Testing - Introduction (Days 21-25)

  • Topics Covered:

    • Overview of Web Application Penetration Testing

    • OWASP Top 10 Vulnerabilities

    • Setting Up a Web Application Testing Environment

  • Labs:

    • Setting up DVWA and OWASP Juice Shop

    • Exploring Burp Suite for web application testing

Week 7: Advanced Web Application Penetration Testing (Days 31-35)

  • Topics Covered:

    • XML External Entities (XXE) and Insecure Deserialization

    • Web Application Logic Flaws

    • Automating Web Application Scans

  • Labs:

    • Identifying and exploiting XXE vulnerabilities

    • Exploiting logic flaws in web applications

    • Automating scans with OWASP ZAP and Nikto

Week 2: Information Gathering and Reconnaissance (Days 6-10)

  • Topics Covered:

    • Active and Passive Reconnaissance

    • Footprinting Techniques

    • Using OSINT for Information Gathering

  • Labs:

    • Using tools like Nmap, Maltego, and Recon-ng for footprinting

    • Exploring Shodan and Google hacking techniques

Week 4: Network Exploitation (Days 16-20)

  • Topics Covered:

    • Exploiting Network Vulnerabilities

    • Man-in-the-Middle Attacks

    • Wireless Network Attacks

  • Labs:

    • Using Metasploit for network exploitation

    • Conducting MiTM attacks with tools like Ettercap and Wireshark

    • Wireless network attacks using Aircrack-ng

Week 6: Web Application Penetration Testing - Exploitation (Days 26-30)

  • Topics Covered:

    • SQL Injection and Cross-Site Scripting (XSS)

    • Cross-Site Request Forgery (CSRF) and Broken Authentication

    • Security Misconfigurations and Sensitive Data Exposure

  • Labs:

    • Exploiting SQL Injection vulnerabilities with SQLMap

    • Identifying and exploiting XSS vulnerabilities

    • Testing for CSRF and Broken Authentication vulnerabilities

Week 8: Reporting, Mitigation, and Review (Days 36-40)

  • Topics Covered:

    • Documentation and Reporting Findings

    • Developing Mitigation Strategies

    • Review of Legal and Ethical Issues

  • Labs:

    • Writing a comprehensive penetration testing report

    • Analyzing and mitigating identified vulnerabilities

    • Capture the Flag (CTF) challenges covering network and web application testing

    • Scenario-based practical exercises

    • Group discussions and Q&A sessions

Enrollment

Ready to take the next step in your cybersecurity career? Enroll in our Network and Webapp pentesting course today and become a part of the CX2 Space community.

signal-2024-08-26-134823_004.png
CX2 Space was established in 2019 with the primary goal of providing world-class Information Security services.

Get in touch with us on LinkedIn

  • LinkedIn
ATC-Logo.png

© 2024 Copyright - CX2 Space Information Security Services.

bottom of page