| Module | Topics Covered |
|--------|----------------|
| 1. Introduction | Ethical hacking principles, legal considerations, course setup |
| 2. Web Server Hacking | Server fingerprinting, directory brute-forcing, misconfiguration exploits, HTTP methods (PUT/DELETE risks) |
| 3. Web App Recon | Google dorking, robots.txt analysis, Wappalyzer, Burp Suite setup |
| 4. OWASP Top 10 Deep Dive | SQL injection (error-based, blind), Cross-Site Scripting (reflected, stored, DOM), CSRF, broken authentication, SSRF |
| 5. Exploitation Tools | Using SQLmap, OWASP ZAP automated scans, Burp Intruder/Repeater |
| 6. Defense & Reporting | Input validation, parameterized queries, CSP headers, patch management, writing pentest reports |
| 7. Conclusion | Final challenge lab (simulated vulnerable web app) |

With her newfound access, Emily explored the web application's file system and discovered several sensitive files, including configuration files and backup files. She also found a hidden directory that contained sensitive data.
Basic understanding of networking (HTTP/HTTPS, TCP/IP), familiarity with web technologies (HTML, JavaScript, SQL), and some exposure to Linux/command line.
of Kode-1 and an adjunct Professor at Deakin University.