Overview

Our Cyber Security & VAPT Training curriculum at Swhizz Technologies is created to give prospective security professionals a thorough understanding of network security, vulnerability assessment, and ethical hacking.  Important topics like the OWASP Top 10 risks, practical attack methods, and new cyberthreats are covered in the course.  Participants acquire the abilities to recognize, evaluate, and successfully mitigate security risks with a strong emphasis on hands-on learning, setting them up for a future in the exciting field of cybersecurity.

By utilizing industry-standard technologies and techniques in practical sessions, students have practical expertise in protecting digital assets.  In order to defend enterprises against assaults, participants learn cybersecurity specialists' methods for threat analysis and penetration testing.  Swhizz Technologies offers a thorough road map for becoming an accomplished and self-assured cybersecurity practitioner, regardless of your position—beginner seeking to enter the field or professional seeking to advance your abilities.

Key Learning Modules:

1. Introduction to Ethical Hacking

   • Fundamentals of hacking, vulnerabilities, risks, and threats
   • Client-server model and web security
   • Overview of Google Dorks, protocols, and proxy usage

2. OWASP Top 10 Security Risks

   • Injection Attacks: SQL, Command, LDAP, HTML, CSV injections
   • Broken Authentication: Password security, session hijacking, OTP bypass
   • Sensitive Data Exposure: SSL/TLS weaknesses, data transmission risks
   • XML External Entities (XXE): XML attacks, internal vs. external DTD
   • Broken Access Control: IDOR, directory traversal, privilege escalation
   • Security Misconfiguration: Server misconfigurations, clickjacking, internal path disclosure
   • Cross-Site Scripting (XSS): Reflected, stored, and DOM-based XSS
   • Insecure Deserialization: Serialization vulnerabilities in PHP and Java
   • Using Vulnerable Components: Risks in jQuery, Bootstrap, AngularJS
   • Cross-Site Request Forgery (CSRF) & Other Attacks: SSRF, buffer overflow, host header injection

3. Denial of Service (DoS/DDoS) Attacks

   • Techniques and tools for scanning and attack prevention
   • Network and vulnerability scanning

4. Security Tools & Hands-on Training

   • Practical use of security tools like Burp Suite, SQLMap, Nmap, Nessus, Acunetix, and more
   • Web and mobile security testing tools

Course Description

 Module 1: Introduction

  Introduction to Ethical Hacking

Ø What is Hacking?

Ø What is Ethical Hacking?

Ø What is a Dark web?

Ø What is Vulnerability?

Ø What is Risk, Threat, exploit

Ø Client-server model

Ø Static vs dynamic webpages

Ø Webserver vs application server

Ø Types of security

Ø Google Dorks

Ø Protocols

Ø Port numbers

Ø Http response status codes

Proxy

Ø What is a proxy?

Ø Types of proxies

Owasp

Ø What is Owasp top 10

Ø 2013 vs 2017 owasp

Module 2: Owasp top 1

Injection

Ø Types in SQL injection

Ø What is a Command injection?

Ø What is LDAP injection

Ø What is HTML injection

Ø What is CSV injection

Ø What is a SQL injection?

Module 3: Owasp top 2

 Broken Authentication and Session management

Ø What is authentication?

Ø Password policy

Ø 2FA and OTP Bypass

Ø Concurrent login

Ø Back and refresh attack

Ø Auto complete enable.

Ø Accept blank/partial password.

Ø Insecure pwd reset mechanism.

Ø Bypass OTP

Ø Brute force OTP

Ø OTP policy

Ø Unencrypted pwd sent to server.

Ø Session hijacking

Ø Session fixation

Ø Session timeout

Ø Session id in URL

Ø Session id does not invalidate after logout.

Ø Session cookie attributes

Module 4: Owasp top 3

Sensitive Data Exposure

Ø What is SSL/TLS and week versions?

Ø HTTPS not implemented.

Ø Weak key lengths

Ø Sensitive data transmitted in URL.

Ø Sensitive data PII, card, account in clear text

Module 5: Owasp top 4

 XML External Entities (XXE)

Ø What is Xml?

Ø What is DTD?

Ø Internal DTD vs External DTD

Ø How to find XXE attacks

Module 6: Owasp top 5

Broken Access Control

Ø What is Authorization?

Ø What is IDOR?

Ø Directory traversal attack

Ø Access sensitive data by direct URL

Ø Directory listing

Ø LFI

Ø RFI

Ø What Privilege Escalation

Ø Horizontal vs Vertical

Ø Parameter manipulation

Module 7: Owasp top 6

Security Misconfiguration

Ø Http methods

Ø Server banner

Ø Error page reveals sensitive info.

Ø Email id expose

Ø Special character accepts as input.

Ø Default credentials use.

Ø Internal path disclosure

Ø Clickjacking

Ø Sensitive data exposure in browser cache

Ø Missing useful headers

Module 8: Owasp top 7

Cross-Site Scripting XSS

Ø What is XSS?

Ø Reflected XSS

Ø Stored XSS

Ø DOM-XSS

Module 9: Owasp top 8

Insecure Deserialization

Ø What is serialization?

Ø What is Deserialization?

Ø Php and java serialization

Module 10: Owasp top 9&10

Using Components with Known Vulnerabilities

Ø jQuery version

Ø Bootstrap version

Ø Angular JS Version etc. 

Module 11: Owasp top 4

Ø What is CSRF?

Ø Bypass CSRF

Ø Host header injection

Ø Unvalidated redirection

Ø What is SSRF?

Ø Buffer overflow

Module 12: Others

Denial of Service

Ø What is a DoS and DDoS attack?

Ø DoS attack techniques

Ø DoS attack Tools Scanning

Ø What is Network scanning

Ø Types of Scanners

Ø Vulnerability Scanner Tools

Web and mobile Tools

Ø Burp suite

Ø SQLMAP

Ø Nmap

Ø Nessus scan

Ø Acunetix scanner

Ø Test SSL

Ø Quails scan

Ø APK tool

Ø Dex2jar

Ø Mobsf

Benefits

• • Comprehensive Curriculum: Covers all key concepts from basics to advanced topics.
  • Hands-on Learning: Apply concepts through real-time projects.
  • Expert Mentors: Learn from industry experts with practical experience.
  • 100% Placement Assistance: Resume building, interview preparation, and job placement support.

  Enroll now to master Cybersecurity and pave your way to a successful career and Expertise in Cybersecurity and Ethical Hacking and more!