Esquema del curso

Conocimiento Integral en OWASP Top 10

Advanced Web Application Penetration Testing

Advanced SQL Injection (SQLi)

Cross-Site Scripting (Reflected, Stored, DOM-based XSS)

Cross-Site Request Forgery (CSRF)

Server-Side Request Forgery (SSRF)

Security Misconfigurations

Broken Access Control

Insecure Direct Object References (IDOR)

Using Components with Known Vulnerabilities

Técnicas y Vectores de Ataque

Network Scanning

Web App Enumeration

Auth Bypass

Dictionary Attack

Local File Inclusion (LFI)

Remote File Inclusion (RFI)

Arbitrary File Upload & Download

Command Injection

Remote Code Execution (RCE)

Privilege Escalation

Log Poisoning

Weak SSL Ciphers

Cookie & Header Modification

Session Fixation

Clickjacking

CMS Vulnerability Scanning

Source Code Analysis

Aprendizaje Basado en Retos (BTC Labs)

Beginner: 6 desafíos

Intermediate: 6 desafíos

Proficient: 8 desafíos

Expert: 4 desafíos

Total: 24 desafíos prácticos

Directory Browsing / Bruteforcing