Syllabus

UNIT 1: Hacking Web Apps and Profiling

Web Application Hacking: GUI Web Hacking, URI Hacking, Methods, Headers and Body, Resources. The Web Client and HTML, Other Protocols, How & Why Web Apps Are Attacked. Infrastructure Profiling: Footprinting and Scanning, Basic Banner Grabbing, Advanced HTTP Fingerprinting, Infrastructure Intermediaries. Application Profiling: Manual Inspection, Search Tools for Profiling, Automated Web Crawling, General Countermeasures.

UNIT 2: Bypassing and Attacking Web Authentication

Web Authentication Threats: Username/password Threats, Password Guessing and its Countermeasures, Eavesdropping attacks and its Countermeasures, Forms-based Authentication attacks and its countermeasures. Stronger web Authentication, Web Authentication Services. Bypassing Authentication: Token Replay, Cross-site Request Forgery, Identity Management.

UNIT 3: Penetration Testing and Input Injection Attacks

Where to find Attack vectors, Common Input Injection Attacks: Buffer Overflow, Canonicalization and its countermeasures, Advanced Directory Traversal, Navigating Without Directory Listing, HTML Injection: XSS, Embedded scripts, Cookies and Predefined Headers, Counter countermeasures. SQL Injection: SUB Queries, UNION, SQL Injection countermeasures, XPATH Injection and its countermeasures, LDAP Injection.

UNIT 4: Metasploit

Introduction, Metasploit Basics: Terminology, Metasploit Interfaces, Metasploit Utilities. Intelligence Gathering: Passive Information Gathering, Active Information Gathering, Target Scanning. Vulnerability Scanning: Basic Vulnerability Scan, Scanning with scanning tools, Using Scan Results for Autopwning.

UNIT 5: Attacking Users

Defacing Content, Capturing User Input: Using Focus Event, Using Keyboard Events, Using Mouse and Pointer Events, Using Form Events, Social Engineering: Using TabNabbing, Abusing UI Expectations: Using Fake Login Prompts, Pretty Theft, Gmail Phishing.

Reference Book:

1) The Browser Hacker’s Handbook by Wade Alcorn, Christian Frichot and Michele Orru – Wiley Publication
2) Web Penetration Testing with Kali Linux by Joseph Muniz, Aamir Lakhan – Packt Publication

Text Book:

1) Hacking Exposed Web Applications, 3rd Edition by Joel Scambray, Vincent Liu, Caleb Sima
2) The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard and Marcus Pinto – Wiley Publication
3) Metasploit - The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni – No Starch Press Publication

 
