Featured Training

  1. Certified Web Application Penetration Tester (CWAPT)
  2. Certified Mobile Application Penetration Tester (CMAPT)
  3. Certified Network Security Expert (CNPT)
  4. API Security Testing Expert

Certified Web Application Pentester (CWAPT)

  1. CIA vs DAD Triads
  2. Testing: Black, White, Gray Box
  3. Functional & Security Testing
  4. Overview of Web Applications
  5. Vulnerability
  6. Vulnerability discovery
  7. Attack issue
  8. Impact
  9. Countermeasures

What is OWASP?

  • OWASP Top 10
  • A1 - Working with Injection flaws
  • A2 - Broken Authentication
  • A3 - Sensitive data exposure
  • A4 - XML External Entities (XXE)
  • A5 - Broken Access Control (directory browsing, directory traversal, IDOR)
  • A6 - Security Misconfiguration
  • A7 - Cross-site scripting
  • A8 - Insecure Deserialization
  • A9 - Using Components with Known Vulnerabilities
  • A10 - Insufficient Logging & Monitoring

Beyond OWASP - WASC

  • Command Injection
  • LFI / RFI
  • Shell Upload
  • Business Logic Testing
  • DoS Attack
  • Brute Force Attack
  • API/CMS-Based Vulnerabilities
  • Transport Layer vulnerabilities
  • Advanced threats (SSRF, CORS, S3 bucket misconfiguration, web cache poisoning, web cache deception, etc.)

Tools used: Burp Suite, sqlmap, Netsparker, Vega, etc.

ESAPI (Enterprise Security API)

Certified Mobile Application Penetration Tester (CMAPT)

Mobile app security is the extent of protection that mobile device applications have from malware and the activities of attackers. The term can also refer to various technologies and production practices that minimize the risk of exploits to mobile devices through their apps. SecOrigin Technologies offers a Mobile Application & Penetration Testing course that covers penetration testing of both Android and iOS applications.

This course is aimed at security enthusiasts, IT professionals, and mobile application developers seeking to understand typical mobile application security issues in detail.

Module 1: Android Application Security Testing

  • Introduction to Android
  • Android Security Architecture
  • What is ADB?
  • Setting up Android Pentesting Environment (Genymotion)
  • Santoku OS
  • Android Applications Components
  • Setting up a Burp proxy
  • What is an APK
  • Reversing android applications
  • Local storage Issues
  • Logging Issues
  • Leaking Content Providers
  • Client Side Injections
  • Read Based Content Providers Vulnerabilities
  • Insecure Data Storage
  • Broken Cryptography
  • Android application interaction and Intent manipulation with Drozer
  • Exploiting Android devices with Metasploit
  • SSL Pinning Bypass
  • Root Detection Bypass Techniques
  • API Hooking Attacks

Module 2: iOS Application Security Testing

  • Introduction to iOS
  • iOS security model
  • What makes iOS security different?
  • App Signing
  • Introduction to Objective-C and Swift
  • Lab Setup overview
  • Basics of Jailbreaking
  • Device Setup
  • Jailbreaking your iOS device
  • Cydia, Mobile Substrate
  • Static Analysis and sources for Static Analysis
  • Extract information from IPA files
  • Investigating Binaries
  • Hands-on Lab: Binary Static Analysis manual and automated
  • Basics of iOS reverse engineering
  • Introduction to Hopper
  • Disassembling methods
  • Modifying assembly instructions
  • Client-side attacks
  • Configure Burp Suite for iOS application
  • Traffic Analysis and Manipulation
  • Session Management Issues
  • Importing SSL certificates & trusted CAs
  • Run time Analysis
  • Lifecycle of an Application
  • Cycript + Class-dump-Z
  • Decrypting Applications:
    • GDB
    • Clutch
  • Runtime Analysis with GDB
  • Exploiting iOS Apps

Module 3: Testing for the OWASP Top 10 2016 for Mobile Applications:

    • Improper Platform Usage
    • Insecure Data Storage
    • Insecure Communication
    • Insecure Authentication
    • Insufficient Cryptography
    • Insecure Authorization
    • Client Code Quality
    • Code Tampering
    • Reverse Engineering
    • Extraneous Functionality

Module 4: Reporting Techniques

Certified Network Penetration Tester (CNPT)

The CNPT training is designed to make you an expert in the domain of network security. In this course, you will learn to discover weaknesses in the network of an organization. You will acquire the knowledge to test and exploit internal and external defenses. You will also learn how to protect your enterprise from such network-based attacks. Our trainers have included all the fundamental information related to network-based ethical hacking / penetration testing, which will help you evolve into a professional penetration tester. The entire course aims to teach you the skills needed to use the latest penetration testing tools and to secure the client’s network.

Target Audience

  • All those who are interested in ethical hacking and penetration testing.
  • Security Engineers
  • Penetration Testers
  • Cyber Security Analysts
  • Working Professionals

Pre-Requisite

  • Basic understanding of Linux and Windows operating system
  • Basic knowledge of network fundamentals like TCP/IP protocols

Introduction

  • Overview of Network Security
  • Port and Protocols
  • TCP / IP Protocols, Headers
  • Kali Linux overview
  • Basic Windows Concepts
  • Commands (Kali Linux & Windows)

Reconnaissance

  • Steps of Recon
  • Passive Recon
  • Active Recon
  • Wireshark
    • ICMP Packet Analysis
    • ARP Packet Analysis
    • 3-way handshake Analysis
    • TCP / UDP streams
    • Malformed Packets
    • Geolocation service usage

Finding Vulnerabilities – Manual methods

  • Vulnerability Assessment (VA)
  • Penetration testing
  • Packet Crafting using Hping3 and Scapy
    • Different Attacks using packet crafting
    • SYN flood attack
    • DoS / DDoS attack
    • Random Source Attack
    • Spoofing
    • Smurf attack
    • Land Attack, etc.
  • Network Mapper (Nmap) Basics
  • Advanced Nmap commands and NSE scripts
  • Enumeration of services (FTP, SSH, SMTP, HTTP, SNMP, NetBIOS, SMB, RDP, etc.)
  • Google Hacking Database
  • Metasploit
    • Metasploit Basics
    • Payload and encoders creation using msfvenom
    • Auxiliary scanner
    • Reverse Payloads
    • Bypass techniques using Macros
    • Post Exploitation
    • Exploit-DB

Finding Vulnerabilities – Automated methods

    • Nessus and Nexpose Vulnerability scanner
    • Getting exploit code – Exploitation Framework (MSF)
    • Working with Armitage
    • Attacking Linux and Windows

Reporting

 

API Security Testing Expert:

  • What is API
  • API Architecture
  • REST vs SOAP APIs vs RESTful API
  • Postman Collection vs Swagger files
  • Environment Setup
    • Postman and its alternatives
    • API Vulnerability Scanners
    • Burp Suite with Postman integration
  • Rest API Based attacks
  • SOAP Based attacks
    • Signature wrapping attacks
    • SAML Based attacks
  • API OWASP Top 2019
  • Rate Limiting flaws
  • OAuth Based Attacks
  • JWT Token
  • JWT Token Based attacks
  • Session based flaws
  • OpenID-based attacks
  • DoS & DDoS attack on API
  • Authentication Bypass attacks
  • SQLi on APIs
  • IDOR and Broken access control attacks
  • Mitigation & Recommendations
  • Practical demos of each
  • Brute force attacks on API (directory traversal, token brute force, etc.)
  • Reflected File Download vulnerability
  • XSS & CSRF on OAuth
  • RCE on API
  • Reporting
  • Exam
  • Certification (API Security Architect)
  • SecOrigin Certified API Security Testing Expert Certification

Tools used: Burp Suite, sqlmap, Postman, Kiterunner, Vookie, etc.
