Certificate Of Completion

Certificate No: 011ACTCERT0322
Name Of Participant: Juniko Dwi Saputra
Title: Web Application & Network Penetration Testing Fundamental
Date: 7-11 March 2022
Duration: 09:00 – 16:00 (7 hours)
Trainer: Hendra Sentono

Table Of Contents

No  Topic
1   Introduction to Penetration Testing
    - Various pentest standards
    - Stages of a pentest
    Hacking and the Various Types of Attacks
    - Definition of hacking and the hacker mindset
    - Types of attacks over computer networks
2   CVE
    - Definition of CVE
    - Vulnerability vs Exposure
    - CVE numbering
    - CVSS and NVD
3   Web Application Pentesting – Attack Methodology
    - Steps in performing a pentest
    Web Application Pentesting – Web Application Structure
    - Request and Response
    - HTTP Header
    - URL structure
    - Encoding
4   OWASP Top 10
    - Introduction to the OWASP Top 10
    - The latest OWASP Top 10 list
    - Comparison and evolution of the OWASP Top 10 lists
5   Metasploit – Introduction to Metasploit
    - Brief history
    - Various Metasploit versions
    - Lab installation: Kali Linux, Metasploitable 2, and Metasploitable 3
    - Metasploit directory structure and modules
    - Various Metasploit tools
6   MSF Console
    - Basic msfconsole commands
    - Database and msfconsole
    - Enumeration with msfconsole: nmap
7   Vulnerability Scanning
    - Combining Metasploit with Nessus
    - Metasploit exploitation
    - Exploitation to Metasploitable 3
8   Post-exploitation
    - Meterpreter basic
    - More about Meterpreter
9   Introduction to Burp Suite
    - History of Burp Suite
    - Burp Suite Editions
    - Setting up web application pentesting: external vs internal browser
    - OWASP BWA
10  Burp Suite attack on OWASP
    - Site map
    - Message editor
    - Repeater, Decoder, Intruder
11  Burp Suite attack on OWASP
    - Burp Suite HTTPS trust
    - Project and user options
    - Spider and Scanning
    - Authentication – account enumeration, bypassing authentication
12  Burp Suite attack on OWASP
    - Authorization – local/remote file include, IDOR
    - Session Management – cookie, CSRF
    - Business Logic – data validation, file upload
13  Burp Suite attack on OWASP
    - Input validation check
    - Cross-site scripting, HTTP verb tampering
    - HTTP parameter pollution, SQL injection
    - Advanced attack using Burp Suite
14  Exercise – network/server pentest on real-world/own server
15  Exercise – web application pentest on real-world/own server