Program Curriculum
We provide a unique, industry-oriented curriculum that runs from the basics to an advanced level.
The training covers 13 Modules which are divided into 3 Chapters – Basic, Advanced and Specialization.
Chapter 1: Basic
This chapter covers all the basic topics that companies expect in an individual. These topics help you to make your base strong in the Cyber Security domain.
Module 1 – Foundation to Cyber Security
- Why Cyber Security & How it Works in an organization?
- CIA – The Three Pillars of Cyber Security
- Cyber Attacks & Data Breaches
- Classification of Information
- Domains in Cyber Security
- Job Roles and Designations in the organizations
- Controls, Standards & Regulations
- Protocols & Port Numbers
- Cryptography
- Digital Signatures
Chapter 2: Advanced
This chapter covers the advanced topics of the cyber security domain from an industry perspective, which are required for every cyber security professional. It especially covers the four primary topics – GRC, SOC, VAPT and Cloud – which are the core domains in Cyber Security. This chapter will help you add good weightage to your profile.
Module 2 – Vulnerability Management & Penetration Testing
- Introduction to VAPT
- Types of Pentesting
- VAPT Targets & Tools
- VAPT Report Writing & Documentation
- Skills required for VAPT
Module 3 – Network Security
- Network Security Concepts
- Defense in Depth
- Network Security Devices - DLP, Firewall, IDS-IPS, AV
- Network Segmentations
- Protocols - SSL, TLS, VPN
- Zero trust approach to network security
- Network Monitoring
Module 4 – Web Application Security
- Web Application Protocols
- OWASP Top 10
- Using Burp Suite Tool for Web VAPT
- Web VAPT Tools & Methods
- Information Disclosure Vulnerability
Module 5 – API Security
- Importance of API & API Pentesting
- API pentesting VS Traditional Web Pentesting
- API Documentation
- Postman Tool Introduction
- LAB Setup Demonstration
Module 6 – Mobile Application Security
- Introduction To Android & Android Architecture
- Introduction To iOS & iOS Architecture
- OWASP Mobile TOP 10
- Mobile Application Pentesting Process
Module 7 – Network VAPT & Attacks
- Network VAPT Types
- Tools for Network VAPT - Qualys & Nessus
- Network Traffic Analysis
- Performing VA using nmap
- Creating automated nmap scripts for scanning
- Banner Grabbing Attack
- User Enumeration Attack
- Bruteforce Attack
- Password Cracking Attack
- Finding & Analysing CVE for Vulnerable services
Module 8 – Governance Risk & Compliance
- Introduction to GRC
- ISO 27001
- PCI DSS
- HIPAA
- NIST
- GDPR
- Data Privacy
- SOC Audits – SSAE16/SOC 1, SOC 2 & SOC 3
- Risk Management
- Security Audits
- Business Continuity
- Third Party Risk Management
- Compliance Management
Module 9 – Security Operations Centre (SOC)
- SOC Fundamentals
- SOC Team Roles and Responsibilities
- Security Information & Event Management
- Recognizing Security Incidents and Events
- Threat Intelligence
- Incident Detection & Response
- MITRE ATT&CK
- Incident response procedures
- Security Alerts & Alarms
- Overview of Splunk
- Splunk architecture
- Installation of Splunk (Windows & Linux)
- Usage of Splunk in log analysis
Module 10 – Cloud Security
- Introduction to Cloud security
- Cloud Pentesting Methodology
- AWS Cloud Security
- Azure Cloud Security
Chapter 3: Specialization
This chapter is where you will be gaining the skills of a Penetration Tester for performing Web + API & Mobile Pentesting and you will be working on live targets hunting for vulnerabilities.
Module 11 – Web Application VAPT & Attacks
- XSS & HTML Injection
- SQL Injection
- CORS & HSTS
- Host Header Injection & Password Reset Poisoning
- SSRF
- File Upload Vulnerabilities, LFI, RFI & File Path-traversal vulnerabilities
- CSRF
- Business Logic Vulnerabilities
- XXE
- Subdomain Takeover & Broken Link Hijacking
- Buffer Overflow & Long Password DoS Attack
- RCE & Command Injection
Module 12 – RCE & Command Injection
- Broken Object Level Authorisation
- Broken Authentication
- Broken Object Property Level Authorisation
- Unrestricted Resource Consumption
- Broken Function Level Authorisation
- Unrestricted Access to Sensitive Business Flows
- Server-Side Request Forgery
- Security Misconfiguration
- Improper Inventory Management
- Unsafe Consumption of APIs
Module 13 – Mobile Application (Android & iOS) VAPT & Attacks
- Setup of Tools in (Windows, Kali, Mac)
- Static & Dynamic Analysis (Android) Methods
- Static & Dynamic Analysis (iOS) Methods
- Insecure Data Storage
- Sensitive Data Exposure
- Input Validation and Manipulation
- Improper Platform Usage
- Insecure communication
- Insecure Authentication & Authorization
- Insufficient Cryptography & Poor Code Quality
- Code tampering
- Reverse Engineering
- Extraneous Functionality
Not only this, we have got additional surprises for you all!
Get these 2 additional courses along with the main Training Program…