i. MySQL (20 Hrs)
Introduction to MySQL, Installing and Configuring
MySQL, Creating and Dropping Database, Queries in MySQL, Web Application
Security Risks, Identifying the Application Security Risks, Threat Risk
Modelling, Other HTTP fields, Data Extraction, Advanced
Identification/Exploitation
ii. Web Application Security (20 Hrs)
OWASP Top 10 – 2017, Injection and Inclusion, Cross
Site Scripting, Injection in stored procedures, Denial of Service, Buffer
Overflows and Input Validation, Access Control, DevOps Security, API Security,
OWASP Top 10 Cloud Security Risks, Secure Code Review, SAST and DAST tools, Case
Study on Web Application Framework, Use of the browser-jsguard Firefox add-on to
detect Malicious and Suspicious Webpages.
iii. Mobile Security (20 Hrs)
Introduction to Android Architecture, Android File
Structure, Android Build Process, Android App fundamentals, Android Security
Model, Device Rooting, Android Debug Bridge, Penetration Testing Tools, OWASP
Top 10 Mobile App vulnerabilities, Attacks on Android Apps, Web-based attacks
on Android devices, Network-based attacks, Social Engineering attacks,
Overview of Mobile Malware, Android App Analysis
iv. Python (62 Hrs)
Introduction to Python, Python basics, Data Types and
Variables, Operators, Looping & Control Structure, List, Modules, Dictionaries,
String, Regular Expressions, Functions and Functional Programming, Object
Oriented Linux Scripting Environment, Classes, Objects and OOPS concepts, File
and Directory Access Permissions and Controls Socket, Libraries and
Functionality Programming, Servers and Clients Web Servers and Client scripting,
Exploit Development techniques, Writing plugins in Python, Exploit analysis
Automation Process, Debugging basics, Task Automation with Python
v. Ethical Hacking (58 Hrs)
Introduction to Ethical Hacking, Understanding Ethical
Hacking Terminology, Identifying Different Types of Hacking Technologies,
Understanding the Different Phases Involved in Ethical Hacking, Types of Hacker
Classes, Ethical Hackers and Crackers, Goals of Attackers, Security,
Functionality and Ease of Use Triangle, Ethical Hacking procedure, Creating a
Security Evaluation Plan, Footprinting and Social Engineering, Tracerouting,
Port Scanning, Network Scanning and Vulnerability Scanning, SYN, Stealth, XMAS,
NULL, IDLE and FIN Scans, TCP Communication Flag Types, Banner Grabbing and OS
Fingerprinting Techniques, Using Proxy Servers in Launching an Attack, HTTP
Tunneling Techniques, IP Spoofing Techniques, Enumeration, Password-cracking Techniques,
Cracking Windows Passwords, Redirecting the SMB Logon to the Attacker, SMB
Redirection, SMB Relay MITM Attacks and Countermeasures, NetBIOS DoS Attacks, DDoS
Attack, Password-Cracking Countermeasures, Active/Passive Online Attacks, Offline
Attacks, Keyloggers and other Spyware Technologies, Trojans and Backdoors, Overt
and Covert Channels, Types of Trojans, Reverse-connecting Trojans, Netcat Trojan,
Indications of a Trojan Attack, Wrapping, Trojan Construction Kit and Trojan
Makers, The countermeasure Techniques in Preventing Trojans, Trojan Evading
techniques, System File Verification, Virus and a Worm, Antivirus Evasion
Techniques, Virus Detection Methods, Protocols Susceptible to Sniffing, Active
and Passive Sniffing, ARP Poisoning, Ethereal Capture and Display Filters,
MAC Flooding, DNS Hacking, DNS Spoofing Techniques, Sniffing Countermeasures,
Types of DoS Attacks, Smurf Attacks, SYN
Flooding, Spoofing vs Hijacking, Types of Session Hijacking, Steps to perform
session Hijacking, Prevention of session Hijacking, Hacking Web Servers, Web
Application Vulnerabilities, Web-Based Password Cracking Techniques, Wireless
Hacking, WEP, WPA Authentication Mechanisms and Cracking Techniques, Wireless
Sniffers and Locating SSIDs, Wireless hacking Techniques, Methods used to
secure Wireless Networks, IDSs, Honeypots and Firewalls.