from:7safe
1. Introduction to web applications
* Authentication
* Authorization
* Cookies
* HTTP protocol
* Overview of Google hacking
2. Attacking Authentication
* Types of authentication
* Clear-text HTTP protocol
* Username enumeration
* Security through obscurity
3. Web server Issues
* IIS/Apache exploits and introduction to hacking tools such as Metasploit
* Insecure HTTP methods
4. Cross Site Scripting
* Types of XSS
* Secure cookie, HTTP-only
* Complicated XSS
5. Cross Site Request Forgery
* Demo
* Complicated XSRF with POST requests
* XSRF in web services
6. Session Fixation
7. CRLF injection
* Proxy poisoning, XSS with CRLF injection
8. Clickjacking
9. SQL injection (basic to advanced)
* Introduction to SQL injection
* Authentication bypass
* Extracting data
* OS code execution
* Overview of advanced SQL injection
10. Malicious File Uploads
11. Vulnerable Flash applications
12. Parameter manipulation attacks
13. Business logic bypass
* Authentication bypass
* Other logical flaws
14. SSL misconfigurations
* SSL and man-in-the-middle attacks
* Screenshots
15. Security problems with thick-client applications
