Scribd
Upload
181 views4 pages

VAPT Course

The document outlines a 5 day course on vulnerability assessment and penetration testing. Each day covers different topics like introduction to VAPT, web application security, network security, security operations, and malware analysis. Tools covered include Burp Suite, Nmap, ZAP, Metasploit, and more.

Uploaded by

Vani Siva
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
181 views4 pages

VAPT Course

The document outlines a 5 day course on vulnerability assessment and penetration testing. Each day covers different topics like introduction to VAPT, web application security, network security, security operations, and malware analysis. Tools covered include Burp Suite, Nmap, ZAP, Metasploit, and more.

Uploaded by

Vani Siva
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Vulnerability Assessment and Penetration Testing Course

Vulnerability Analysis and Penetration testing helps organizations evaluate their security
posture and understand their ability to withhold cyber-attacks against digital infrastructure.
Day 1:

Introduction to VAPT

• Introduction to Information Security


• Overview of information security concepts
• Common terminologies and definitions
• Importance of security in modern systems
• Understanding Vulnerability Assessment (VA) and Penetration Testing (PT)
• Differences between VA and PT
• Goals and objectives of VAPT
• List of VAPT tools

VAPT Methodologies

• Overview of common VAPT methodologies (e.g., OWASP, NIST, OSSTMM)


• Understanding reconnaissance, scanning, enumeration, exploitation, and reporting phases
• Hands-on exercises on reconnaissance and scanning techniques

Tool : Burpsuite Community Version

Day 2:

Web Application Security

This module covers the Web Application Penetration Testing (WAPT) that provides all the advanced

skills necessary to carry out a thorough and professional penetration test against modern web

applications.

Introduction to Web Application Security

• Web Application Vulnerabilities


• Best practices in WAS
• Security Challenges
• Hacking concepts
• Phases of Hacking

Tools:

• Burp Suite Community


• Edition
• Sublist3r
• Amass
• Findomain
• Assetfinder
• securitytrails.com
• Wappalyzer
• Gobuster

Day 3:

Vulnerability Assessment & Penetration Testing Concepts

• Fundamentals of VA
• VA tool Deployment strategy
• Scanning methodologies
• Risk Identification and Categorization
• Penetration testing concepts
• Penetration testing methodology
• Types of Penetration testing
• Tools and techniques used in penetration testing
• Limitations of penetration testing tools
• Hands-on practice on tools used in penetration testing.

Tools:

o Dirsearch
o LinkFinder
o Waybackurls
o ParamSpider
o FFUF
o LFISuite
o SSRFmap
o Sqlmap
o Dalfox
o retire.js

Vulnerability Scanning & PT

• Introduction to vulnerability scanning tools (e.g., OWASP ZAP)


• Hands-on exercises on vulnerability scanning
• Understanding penetration testing objectives and rules of engagement
• Introduction to penetration testing tools (e.g., Metasploit, Nmap, Burp Suite)
• Hands-on exercises on basic penetration testing techniques
• Advanced Topics and Practical Application

Network Security:

IPS : Intrusion Prevention System

• IPS Introduction
• Types of IPS
• Classification of IPS
• Comparison of IPS Technologies
• Detection methods of IPS

IDS : Intrusion Detection System

• IDS Introduction
• How does an IDS work
• Classification of IDS
• Benefits of IDS
• Detection methods of IDS

Tools:

• Nmap
• Nessus
• Wazuh
• ManageEngine Log360

Day 4:

Network Endpoint security

• Introduction & how does it work?


• Benefits of Network endpoint security
• Components of EPS

SOC (Security Operations Centre) Analyst

• Introduction to SOC
• Understanding Events and logging mechanisms
• Incident Detection with Security Information and Event Management (SIEM)
• Enhanced Incident Detection with Threat Intelligence
• Incident Response Activities
• Experience in using SIEM tools.

List of SIEM Tools

• IBM QRadar Security Intelligence Platform


• Splunk
• ArcSight ESM Software
• NetIQ / Micro Focus
• Trustwave
• Alienvault
• AccelOps
• BlackStratus
• EventTracker
• Intel Security Group
Day 5:

Malware Analysis

Introduction to Malware Analysis

• This topic explains the unique features, objectives, sources and potential effects of
• harmful software code.
• Implement different malware analysis techniques.
• Analyze the malware behavior in windows and android.
• Understand the purpose of malware analysis.
• Identify the various tools for malware analysis
• Benefits of Malware Analysis
• Types of Malware Analysis
• Dynamic
• Static
Tools:
• HexEditor
• Peid
• Ollydbg
• ImpRec
• IDApro -

Job Role
After the successful completion of this course, candidates will be eligible for applying the following job
roles:

• Ethical Hackers
• Penetration Testers
• Network Server Administrators
• Firewall Administrators
• Cyber Security Consultants
• Security Testers
• Security Analysts
• Security Engineers
• System Administrators
• Risk Assessment Professionals
• Malware Analyst

You might also like