Ethical Hacking Course
DISCLAIMER: We believe that information must be free for all.
Why Learn Ethical Hacking?
Because it's fun
- Searching for vulnerabilities, detecting them, and suggesting fixes. You get to be the modern-day Sherlock Holmes!
Be in demand
- With the entire world and its data coming online, the demand for cybersecurity experts is skyrocketing.
Lucrative salary
- The average salary of a Cybersecurity Analyst is 6.8 LPA+ according to Indeed.
Ethical Hacking Training Syllabus
Basics of Information Security and Computer Networking
- Introduction to Information Security
- Hacking Methodologies and Security Auditing
- Computer Networking
- IP addressing and NAT
- The Google Maps of the Internet
- Ports and Services
- Protocols, TCP/IP and OSI Model
- Proxy and VPN
Information Gathering and Basics of Web Development
- Digital Footprints and Information Gathering
- Advanced Information Gathering about People and Websites
- Google Dorking- Hacking using Google
- Introduction to Web Architecture and Understanding Common Security Misconceptions
- HTML Basics
- HTML and Introduction to Javascript
- Introduction to PHP and Setting up XAMPP
- Putting Brains into Beauty- Working with PHP
- Handling User Input and Building Basic Applications using PHP
Introduction to Web VAPT, OWASP, and SQL Injections
- Introduction to VAPT and OWASP
- Basics of Databases and SQL
- Authentication Bypass using SQL Injection
- GET based SQL Injection- Part 1
- GET based SQL Injection- Part 2
- POST based SQL Injection- Part 1
- POST based SQL Injection- Part 2
- Advanced SQL Injections
- Automating SQL Injections- SQL Map
Advanced Web Application Attacks
- Bypassing Client Side Filters using Burp Suite
- IDOR and Rate-limiting issues
- Arbitrary File Upload Vulnerabilities
Client Side Attacks
- Understanding Important Response Headers, DOM, and Event Listeners
- Fundamentals of Cross Site Scripting (XSS)
- Understanding Forced Browsing and Session-Cookie Flaws
- Cross Site Request Forgery (CSRF) and Open Redirections
- Dictionary Based Brute Force Attacks
- Logical Brute Force Attacks
- Personally Identifiable Information (PII) Leakage and Sensitive Information Disclosure
Identifying Security Misconfigurations and Exploiting Outdated Web Applications
- Common Security Misconfigurations
- Default/Weak Password Vulnerabilities
- Fingerprinting Components with Known Vulnerabilities
- Scanning for Bugs in WordPress and Drupal
- Using Public Exploits
Automating VAPT and Secure Code Development
- Information Gathering for Endpoints
- Application Assessment using Nmap
- Automating VAPT with Nikto and Burp Suite Pro
Documenting and Reporting Vulnerabilities
- Documenting Stages of Vulnerabilities Using Tools
- VAPT Reports: Developer Report v/s Higher Management Report
- Concepts of Code Security and Patching
- Parts of a VAPT Report
- Common Good Practices and Bad Practices
![[B Voc] Software Development Syllabus with sample paper for all semesters](https://codelone.com/uploads/blog/202205/img_thumb_6294fcc3bc0233-08249805-46687310.jpg)
