CYBER SECURITY

  1. Fundamentals
    • Security Testing 
    • Vulnerability Assessment
    • Penetration Testing
    • Ethical Hacking
    • Security Audits
    • Threat Modeling
    • Red Teaming
    • Dark Web Monitoring
    • Malware
    • HTTP
    • HTTPS
    • SSL
    • TLS
    • Encoding
    • Decoding
    • Cryptography
    • Encryption
    • Decryption
    • Hashing
    • Proxy Server
    • Same Origin Policy
    • Web Application Firewall (WAF)
    • Advanced Persistent Threat (APT)
    • Cookies
      • Persistent
      • Non-Persistent
  2. Penetration Testing Types
    • Web Application Penetration Testing
    • Android Application Penetration Testing
    • iOS Application Penetration Testing
    • Network Penetration Testing
  3. OWASP 
    • Introduction
    • OWASP Top 10 Attacks
    • OWASP Web Security Testing Guide
      • Objective
      • Information Gathering
      • Configuration and Deployment Management Testing
      • Identity Management Testing
      • Authentication Testing
      • Authorization Testing
      • Session Management Testing
      • Input Validation Testing
      • Testing for Error Handling  
      • Testing for Weak Cryptography
      • Business Logic Testing
      • Client-Side Testing
    • OWASP Mobile Security Testing Guide
  4. Types of Attacks
    • Cross-Site Scripting (XSS)
      • Reflected XSS
      • Stored XSS
      • DOM XSS
    • File Path Traversal / Directory Traversal
    • Cross-Site Request Forgery (CSRF)
    • XML External Entity (XXE) Processing
    • XPath Injection
    • XML Injection
    • XSLT Injection
    • SQL Injection
    • LDAP Injection
    • ORM Injection
    • IMAP/SMTP Injection
    • HTTP Header Injection
    • HTTP Verb Tampering
    • HTTP Parameter Pollution
    • HTTP Splitting/Smuggling
    • Command Injection
    • Server-Side Includes (SSI) Injection
    • Template Injection
    • Code Injection
    • Email Injection
    • Resource Injection
    • Path Manipulation
    • Unrestricted File Upload
    • Improper Error Handling
    • Robots.txt Files
    • Clickjacking
    • Cross-Site Tracing (XST)
    • Brute Force
    • Denial-of-Service (DoS)
    • Session Hijacking
    • Double Encoding
    • Buffer Overflow
    • Broken Authentication
    • Insecure Direct Object Reference
    • Session Fixation
    • Insufficiently Random Values
    • Incubated Vulnerability
    • Privileged Interface Exposure
      • Horizontal Privilege Escalation
      • Vertical Privilege Escalation
    • Session Exposure in URL
    • User Enumeration
    • Insecure URL Redirect
    • Insecure TLS Validation
    • Phishing
    • Spoofing
    • Sniffing
    • Snooping
    • Reputation
    • Man-in-the-Middle (MITM)
    • SSL Stripping
  5. List of Tools
    • Burp Suite
    • Kali Linux
    • Checkmarx
    • IBM AppScan
    • Wireshark
    • Charles
    • Fiddler
    • Mitmproxy
    • Metasploit
    • Acunetix
    • Nmap
    • SQLmap
    • OWASP Zed Attack Proxy (ZAP)
    • WebScarab
    • Mobile Security Framework (MobSF)
  6. Working with HTTP Headers
    • X-Content-Type-Options
  7. Working with HTTP Cookies
    • Secure Attribute
  8. Tips and Tricks
    • Sandboxing
    • Trusted Device
  9. Certifications
    • OSCP (Offensive Security Certified Professional)
    • CEH (Certified Ethical Hacker)
    • CISSP (Certified Information Systems Security Professional)
    • OSWP (Offensive Security Wireless Professional)