
VAPT Course


Vulnerability Assessment and Penetration Testing Course

Vulnerability Analysis and Penetration Testing helps organizations evaluate their security
posture and understand their ability to withstand cyber-attacks against digital infrastructure.

Day 1:

Introduction to VAPT

• Introduction to Information Security
• Overview of information security concepts
• Common terminologies and definitions
• Importance of security in modern systems
• Understanding Vulnerability Assessment (VA) and Penetration Testing (PT)
• Differences between VA and PT
• Goals and objectives of VAPT
• List of VAPT tools

VAPT Methodologies

• Overview of common VAPT methodologies (e.g., OWASP, NIST, OSSTMM)
• Understanding reconnaissance, scanning, enumeration, exploitation, and reporting phases
• Hands-on exercises on reconnaissance and scanning techniques

Tool: Burp Suite Community Version

Day 2:

Web Application Security

This module covers Web Application Penetration Testing (WAPT) and provides all the advanced skills necessary to carry out a thorough and professional penetration test against modern web applications.

Introduction to Web Application Security

• Web Application Vulnerabilities
• Best practices in WAS
• Security Challenges
• Hacking concepts
• Phases of Hacking

Tools:

• Burp Suite Community Edition
• Sublist3r
• Amass
• Findomain
• Assetfinder
• securitytrails.com
• Wappalyzer
• Gobuster

Day 3:

Vulnerability Assessment & Penetration Testing Concepts

• Fundamentals of VA
• VA tool Deployment strategy
• Scanning methodologies
• Risk Identification and Categorization
• Penetration testing concepts
• Penetration testing methodology
• Types of Penetration testing
• Tools and techniques used in penetration testing
• Limitations of penetration testing tools
• Hands-on practice on tools used in penetration testing.

Tools:

• Dirsearch
• LinkFinder
• Waybackurls
• ParamSpider
• FFUF
• LFISuite
• SSRFmap
• Sqlmap
• Dalfox
• retire.js

Vulnerability Scanning & PT

• Introduction to vulnerability scanning tools (e.g., OWASP ZAP)
• Hands-on exercises on vulnerability scanning
• Understanding penetration testing objectives and rules of engagement
• Introduction to penetration testing tools (e.g., Metasploit, Nmap, Burp Suite)
• Hands-on exercises on basic penetration testing techniques
• Advanced Topics and Practical Application

Network Security:

IPS : Intrusion Prevention System

• IPS Introduction
• Types of IPS
• Classification of IPS
• Comparison of IPS Technologies
• Detection methods of IPS

IDS : Intrusion Detection System

• IDS Introduction
• How does an IDS work
• Classification of IDS
• Benefits of IDS
• Detection methods of IDS

Tools:

• Nmap
• Nessus
• Wazuh
• ManageEngine Log360

Day 4:

Network Endpoint security

• Introduction & how does it work?
• Benefits of Network endpoint security
• Components of EPS

SOC (Security Operations Centre) Analyst

• Introduction to SOC
• Understanding Events and logging mechanisms
• Incident Detection with Security Information and Event Management (SIEM)
• Enhanced Incident Detection with Threat Intelligence
• Incident Response Activities
• Experience in using SIEM tools.

List of SIEM Tools

• IBM QRadar Security Intelligence Platform
• Splunk
• ArcSight ESM Software
• NetIQ / Micro Focus
• Trustwave
• AlienVault
• AccelOps
• BlackStratus
• EventTracker
• Intel Security Group

Day 5:

Malware Analysis

Introduction to Malware Analysis

• This topic explains the unique features, objectives, sources and potential effects of harmful software code.
• Implement different malware analysis techniques.
• Analyze malware behavior in Windows and Android.
• Understand the purpose of malware analysis.
• Identify the various tools for malware analysis.
• Benefits of Malware Analysis
• Types of Malware Analysis
  • Dynamic
  • Static

Tools:

• HexEditor
• PEiD
• OllyDbg
• ImpREC
• IDA Pro

Job Role
After successful completion of this course, candidates will be eligible to apply for the following job
roles:

• Ethical Hackers
• Penetration Testers
• Network Server Administrators
• Firewall Administrators
• Cyber Security Consultants
• Security Testers
• Security Analysts
• Security Engineers
• System Administrators
• Risk Assessment Professionals
• Malware Analyst
