Certified Information Security Professional

Who should attend?

This course is designed for passionate security researchers who want to learn about the most demanding cyber security fields, beyond exploitation concepts & methodologies, for career purposes.

Fundamentals of Cyber Security & Networking
  • Cyber Security In Present & Future
  • Ethical Hacking Concepts
  • Information Security Policies
  • Cyber Laws & InfoSec Standards
  • Introduction to Computer Networks
  • Components of Data Communication
  • Major Topologies in Networks
  • The OSI Model & Description of OSI Layers
  • Headers, Footers and Payload
  • Protocols & Network basics
  • Subnetting Concepts
  • TCP/IP Protocol Suite
  • TCP vs. UDP services: comparison
  • IPv4 & IPv6
  • VLAN
  • VPN and ACL
  • Network Packet Analysis (Wireshark)
  • Deep dive in the packet layer
  • Windows system architecture
  • Windows Server Configuration & Setup
  • Pentesting Linux Essentials
Network Security & Auditing
  • Basics of Vulnerability Assessment (VA) & Penetration testing
  • Intelligence gathering
  • Social Engineering attacks
  • Google hacking database
  • Scanning Basics
  • Packet crafting & manual packet building
  • DoS & DDoS attacks
  • Scanning with Nmap & Scripting engine
  • Enumeration of services
  • Banner Grabbing
  • File Transfer essentials
  • Finding Vulnerabilities – Automated methods
  • Network Vulnerability scanners – Nessus, Retina, OpenVAS, etc.
  • Metasploit Exploit Kung-Fu
  • Attacking Linux and Windows
  • Privilege Escalation
    • Different Privilege Escalation Techniques
    • How to Defend Against Privilege Escalation
  • Wireless 802.11: Detailed Protocol Description
  • WLAN Risk and Attack Taxonomy
  • Cracking WEP/WPA/WPA2-PSK, Evil Twin
  • Network VAPT report writing
Server Security & Auditing
  • Firewall Evasion - Firewall introduction & types
  • Detection methodologies, Evasion Methodologies
  • Network Architecture Review
  • Switch/Router configuration review
  • Firewall Rule-based Auditing
  • Introduction to Windows server security
  • Windows General Security Practices
  • Windows Server Auditing
  • Linux server security best practices
  • Web Server Security best practices
  • System hardening guidelines
Web Application Security
  • OWASP top 10 & WAPT Testing Guidelines
  • Web Technologies – front-end and back-end technology
  • Web application architecture
  • HTTP Methods, Error Codes, Cookie Basics, Frameworks, etc.
  • Manual Web Application Security Attacks
    • Header insecurities
    • All Injection Flaws (Error, Blind, Time Based, User Agent, Stored, NoSQL, LDAP, etc.)
    • Server Side Injection Flaws
    • Broken authentication & Session Flaws
    • Sensitive data exposure & Improper Error handling
    • Access control Flaws, File & Resource Attacks
    • Security misconfiguration
    • Cross-site scripting & WAF Bypassing
    • Cross-Site Request Forgery & Defacing Website
    • Insecure Deserialization 
    • Using components with known vulnerabilities
    • Insufficient logging & monitoring
    • Beyond OWASP attacks
    • AJAX, JSON, jQuery Attacks
    • Web services testing & Attacks
    • Penetration testing activities against CMS
  • Next Gen Web App Sec Terminologies
    • Business Logic Testing Flows
    • Threat Modelling
    • Agile Methodology 
    • Secure SDLC
    • DevSecOps
    • Bug Bounty Approach to Hunt Bugs in Real Time
    • WAPT report Writing
Mobile - Android Application Security
  • Mobile device overview
  • Android Architecture and Security Models
  • Mobile OWASP Top 10
  • Reverse Engineering
  • Static code review
    • Hard-coded information
    • Log Review
    • Race Condition
    • Insecure coding practices
    • Improper coding practices
    • Malware analysis
    • Weak encryption / encoding
  • Dynamic Analysis
    • SSL pinning & Burp Suite essentials
    • Session related vulnerabilities
    • Business logic vulnerabilities
    • Transport layer security implementations
    • Privilege escalations
    • Injection attacks
    • Weak encryption / encoding
    • Authorization / Authentication checks
    • Weak server-side controls
    • Binary Protection
    • SQLite Analysis
    • Network Analysis
    • Secure Mobile Application Development Guidelines
Mobile - iOS Application Security
    • Secure Boot Chain
    • MVC And Event Driven Architecture
    • OS Security Mechanisms & Security Architecture
    • Environment Configurations & Manual Testing
      • Analyzing permissions
      • Xcode methodologies
      • Jailbreaking Essentials
      • Jailbroken Device Setup
      • Device enumeration
      • Decrypting App Store Applications
      • Application Trace method analysis
      • Keychain Analysis & Loopholes
      • Network Traffic Analysis
      • Static & Dynamic Security Testing of Applications
        • Scanning iOS applications
        • Burp Suite Essentials
        • Runtime Analysis
        • Local Data Storage Issues
        • Insecure Cryptography attacks
        • Attacking URL Scheme