Penetration testing and ethical hacking

Penetration testing and ethical hacking

Course Duration: 48 Hours . Total Classes: 24 . Course Fee: TK. 20,000

Expertise in emerging technologies is currently in strong demand across all sectors. On completion of any one of the courses, learners will have highly marketable, up-to-date and confidence-building knowledge and skillsets. They will have practiced, and been assessed on, a range of technical and transferable skills which will be beneficial at the personal, enterprise and community levels.

What you will learn?

  • How to explore real-world cyber challenges
  • How to communicate across technical boundaries
  • Work as part of a team
  • Finding security faults
  • How earn through bounty program
  • Personal branding as a cyber security professional

Topics Covered


  • Introduction to Linux OS
  • Set up Linux environment for web application testing.
  • Introduction to learn from best and updated platforms.
  • Web Fundamentals
  • Bugbounty platforms and how to approach

Environment and installation guides

  • OWASP TOP 10 Basic
  • OWASP top 10 vulnerability basics
  • How to test for OWASP top 10


  • Burpsuite
  • Windows Subsystem for Linux
  • Kali Linux

Information Gathering

  • Basic Information Gathering
  • Introduction with CVE’s, Exploit-DB & other public exploit searching
  • Finding Endpoints (JS Files, WayBack Machine, Running Through Proxies, application developer doc, Method based testing)
  • Using Search Engines (Google, Shodan, Bing, CenSys)

Approach to Hunt Bugs

  • Testing for Different Bugs (URL Redirection, Parameter Tampering, XSS, Sqli e.t.c)
  • Searching Public Exploits
  • SubDomain Takeover

Hacking APIS

  • Privilege Escalations – Token / Cookies Based
  • Sessions – Token / Cookies Based
  • XML External Entity Attacks (XXE) – Token / Cookies Based
  • CORS and JSONP – Cookies Based
  • Cross Site Request Forgery (CSRF) – Cookies Based

Advanced Testing

  • Hacking oAuth 2.0
  • GraphQL Testing for Finding Bugs

Case Studies

  • Analyzing previous Vulnerabilities found.