We are live. So, hi everyone. I'm Sanjay Gupta. I welcome you to Sanjay Gupta Tech School. So, I have Sumit with me. So, welcome Sumit to the channel. And today we are going to start a cybersecurity bootcamp. So, last week we did day zero. So, we just provided you the introduction about cybersecurity, what it is and how it is useful. Lots of things Sumit explained to you. So, let's start with day one and Sumit will be explaining brief concepts related to cybersecurity to you. So, my request is to attend the sessions consistently and listen to whatever he is explaining so that you can become an expert in this field.
Hello everyone. So, hello everyone. Previously I talked about what cybersecurity is and why we need cybersecurity. Today we are discussing web application security. So, as many of you are still joining, let's know about me. So, my name is Sumit Jain and I'm an ethical hacker and cybersecurity expert. Currently, I'm working as a red team member in Sineq and Pentabog. Apart from that, I work as a senior security specialist at JITRO network. I have 10-plus years of experience in this domain. Previously, I was a guest instructor at Central Detective Training School. And right now, I'm helping students, freshers and professionals to build their career in cybersecurity and in various domains of cybersecurity, like web application security, mobile application security and software application security. So, if you like the content, please subscribe for more and share our YouTube channel. My channel name is Cyber Security Zone, where I regularly post videos related to cybersecurity and various domains in detail. You can follow the Sanjay Gupta Tech School, where I will be doing sessions related to cybersecurity. You can follow me on these platforms below, LinkedIn, Twitter. The links are available in the video description. So, we are about to start.
So, in day zero, I was talking about what cybersecurity is, and many of you understand it as ethical hacking, but cybersecurity and ethical hacking are different. They are very different. Ethical hacking is a part of cybersecurity, but cybersecurity and ethical hacking are not a single domain. So, today, let's recap something we learned in the previous session. So, in IT infrastructure, we have three main domains. One is network. The second one is systems and devices. And the third one is applications. All three of these are the main components of an IT infrastructure. We have various types of applications. We have various types of systems like operating systems and network devices. And to run these flawlessly, we need a network. So, let's understand these. So, what are the applications? We have multiple applications, like the web application. We have the mobile application. And currently, we have two types of mobile application. One is for Android and the other one is for iOS. We have the software application. A program you run on an operating system. Suppose Notepad, Zoom, TeamViewer, Paint. Anything, a program run on an operating system, is software. So, we have three different types of applications. Web application, mobile application and software application. These applications are built on various technologies. Like if I talk about web applications. These are built with many languages like Java, PHP, and some use a CMS, a content management system like WordPress. And if you are building a web application, we integrate it with many other plugins, JavaScript libraries, other CMSs like Joomla, Drupal, Magento, Adobe Experience Manager. So, to run a web application, we need many IT infrastructure in many languages, many components, many login panels like Facebook login panels, Google login panels, and many types of JavaScript libraries, jQuery, JS, NodeJS, ReactJS. And if you are building a mobile application, we have two platforms. One is iOS and one is Android.
So, they have their own respective languages to build on. And if you are building a software application, they have their own infrastructure. And if I talk about the systems, like the operating systems we have. So, we have three types of operating system. One is Windows-based. The second one is Linux-based. And the third one is Unix-based. So, let's discuss these. So, Windows, which is developed by Microsoft, has two types of operating system. One is for client-side. So, let me erase this. So, if we talk about operating systems, we have two types of operating system. One is for client-side. And the other one is for server-side. Client-side operating systems are where we are doing client-side activity like creating a program, running a program, watching a movie, creating applications, connecting to and browsing the internet, downloading something, using something, browsing something. So, these are running on the client-side operating system. And for that, Microsoft, who built Windows, have client-side operating systems like Windows 7, Windows 8, Windows 10, Windows 11. And in the past, they had Windows XP, different versions of the Windows XP operating system. And for server-side activity, where they are managing and running and hosting a web application and different types of program to control other networking areas, the server-side operating systems Microsoft releases are Windows Server 2008, Windows Server 2012, Windows Server 2016. So, we have two types of operating system and three types of operating system category. One is Windows-based, Linux-based. So, if we talk about Linux-based operating systems, the client-side activity and the server-side activity, we can do both in the Linux-based operating system. So, Linux-based operating systems are Linux. So, in these operating systems, we can do both client-side activity and server-side activity as well. And the third one is the Unix-based operating system, where we can do only server-side activity.
So, for that, IBM has a Unix-based operating system. The applications we build are running on these operating systems. And to access the application on the operating system, we have Network. So, Network is all about from which we can access all the content from the Internet by uploading or downloading. So, let's understand something about Network. So, Network is something when multiple devices are connected with each other and they are sharing and receiving data. So, they are in a Network. We have different types of Network, like LAN Network, WAN Network, Local Area Network, Metropolitan Area Network, Wide Area Network. So, these are three different types of Network based on geographical size, and based on their category we have two types of Network, P2P Network and Server and Client Network. Once we have created these Networks, we have to provide them Internet and make them available for sharing and receiving data. So, we have to provide addresses. There are two types of addresses. One is the physical address and the other one is the logical address. Physical address is something like the MAC address and logical address is all about the IP address. So, I will talk about Network in our day two. So, here is why I am explaining these to you: because we have these three main components. One is Network, the other one is System and Devices and the other one is Application. So, Cyber Security is all about protecting and finding flaws to make all these three categories secure, and Ethical Hacking is all about attacking the network, application and system. Cyber Security is about securing them, and in the Cyber Security domain, we have a specific field called Ethical Hacking where we will be performing some attacks to test all these three categories. So, Cyber Security and Ethical Hacking are not the same, they are different, but Ethical Hacking is part of Cyber Security, right? So, move on.
As a part of providing security to the web application, we have a process called VAPT, and VAPT is all about Vulnerability Assessment and Penetration Testing. So, what is Vulnerability Assessment? Vulnerability Assessment is a systematic approach to finding the security loopholes in a network or software system. It can be performed manually or by using different tools on a Linux distribution. So, we have specific distributions called Kali Linux and Parrot Operating System, because they have the various types of tools we need in the VA, Vulnerability Assessment. Then the outcome of the Vulnerability Assessment process is a report which shows all Vulnerabilities, which are categorized based on their severity. This report is further used for the next step, which is Penetration Testing. So, if we want to secure a web application, a software application or a mobile application, we have a test called Vulnerability Assessment and then we will move further with Penetration Testing. So, Vulnerability Assessment is about finding loopholes from a checklist in a network or software system. Then we can create a report and do the next step, which is Penetration Testing. So, what is Penetration Testing? A Penetration Test is a proof of concept approach to actually explore and exploit Vulnerabilities. So, let's understand this. Like, if we found a loophole, like our web application is built on JavaScript and we are using an older version of JavaScript. So, we get to know in the process that our JavaScript version is not up to date, and then in the PT process we have to exploit the Vulnerability using some techniques or using some tools to take on the outdated JavaScript. So, these processes are called Penetration Testing. So, the Penetration Test is a proof of concept approach by exploiting all the Vulnerabilities we find in the VA process.
This process confirms where the Vulnerability really exists and further proves that exploring it can result in damage to the application or network. If we found out some data which is leaking, if we can access admin panels with unauthorized access, if we can change someone's account credentials, if we can dump the network credentials, if we can dump the server credentials, if we can log in to the server with default credentials, the server is exposing some data to the vulnerable plugins. The sensitive parts are not hidden. So, these are covered in Penetration Testing. The outcome of the Penetration Testing process is typically evidence in the form of a screenshot or a log. So, if we do a Penetration Test on an application, we record the screenshot or make a video about how we exploit the Vulnerability. So, we have three types of testing. One is black box testing. The second one is gray box testing. And the other one is white box testing. So, let's understand what these are. So, black box does not include any knowledge of the structure of the system. Like, we are blindly testing an application, a system or network, where we don't have the knowledge about the structure of the system, what they are using to build their system, what they are running, what type of operating system they are running, what type of language they use, what type of CMS they use. So, black box doesn't include any knowledge of the structure. So, this type of testing simulates the approach of an outside attacker. How an outside attacker can test their target or can hack or can damage the applications you build. Gray box includes only a limited knowledge of the layout of the target. So, we have some limited knowledge. Like, our client gives you some specific things to test on. Like, we have the Windows operating system. We have installed WordPress in our infrastructure. We have installed these types of JavaScript plugins in our infrastructure.
We have something like analytics in our infrastructure. We have used OAuth authentication in our infrastructure. So, if we have a limited knowledge of the target, we do gray box testing. And white box testing occurs when a penetration tester has complete knowledge of the target. If we have the complete knowledge about the target, the things they are built on, what directories they have, what operating systems they have, what their storage buckets are, what types of login panels they use, the different types of IPs they are running. If we have information about the servers they use, what type of SSL certificate they have. So, we do white box testing. So, the steps involved in the VAPT process. VAPT means vulnerability assessment and penetration testing. Combined, we call it the VAPT process. So, the steps are: enumerate a vulnerability, perform an attack manually, analyze the result of the attack, explore the vulnerability further to see if more attacks are possible. This process is called penetration testing, and the processes above are called vulnerability assessment. And then, prepare the final report of the testing. So, in this session, in this bootcamp, I will talk about how to test, how to do a VAPT test on a web application. And in other bootcamps, we will talk about mobile application and network application security as well. So, in penetration testing, we have five stages. One is collecting information, which is called footprinting. So, footprinting is important if you are going to test a target. So, test goals are defined and intelligence is gathered. So, if we want to test a target, we have five stages. One is footprinting, collecting as much information as you can, using some online websites, using some Kali Linux distribution tools, using some manual performance scan. We have collected... We have to collect as much information as we can. The second stage is scanning.
Scanning tools, like how many ports are open, which ports are closed, how many services they have. So, the scanning process is in this stage. Scanning tools are used to understand how a target responds to intrusions. The third one is gaining access. So, web application attacks are staged to uncover a target's vulnerabilities. Like, if we found in the second step that a port is open, then in the third step we have to attack that port. In the second step, a MySQL port is open. So, we have to launch an attack on the open port and see if we can get access via MySQL. The fourth one is maintaining access. So, maintaining access is something to see if a vulnerability can be used to maintain access. And the last one is analysis and WAF configuration. So, results are used to configure the web application firewall settings before testing is run again. Because sometimes the WAF can block your scans, your testing payloads. So, we have to analyze and configure the WAF. So, we have to perform these penetration tests. So, these are some bug bounty platforms which can give you some actual targets to do a VAPT process on. So, throughout this bootcamp, we are running live testing on some of the targets. So, these are the platforms which can provide you the targets to test on. So, you can actively check on these platforms. All you have to do is go to these websites and create an account. The registration process is simple. We have to register as a hacker or penetration tester. We don't have to register as a company because we are not offering our domain to test upon. We are testing other applications. So, we have to register as a client, as a hacker, as a penetration tester. So, the websites are hackerone.com, bugcrowd.com, intigriti.com, sekuna.io, fantasy.com, buggy.io. And I have made a dedicated video on this topic. About how to find the bug bounty platforms using Google and using the other search engines, and what types of bug bounty platforms we have.
So, go check that out. So, I will show you how the account registrations are done. So, go to hackerone.com, where you can create a HackerOne account. And as you can see, there are two options, I am a hacker, I am a company. You have to select this, I am a hacker. Then provide your name, the username you want to have, your email address and your password, and then create an account. After completing the account setup, you can find various targets to do a VAPT process on in this section, directory programs. So, you can pick any target and start a VAPT process. I am about to explain how to test on these. The other platform is intigriti.com. So, the registration process is simple. You can go to sign up and start registering on these platforms and can do VAPT. These are the bug bounty platforms. The other ones are HackenProof. This one is dedicated for VAPT 3 applications. YesWeHack.com. If you have a passport, then you can register on this application. BugBounty.jp. This is for the country Japan. Cobalt.io and Yogosha.com. You cannot directly register on these platforms because first they have to take a test of the skills you have. So, you cannot directly register on these platforms. One is Cobalt.io and the other one is Yogosha.com. And on the other platforms you can register freely. They are available for public use. So, if you want to find some targets using Google dorks, you can type these queries in Google, like inURL colon bug bounty, inURL colon byte add, inURL colon security bounty, inURL colon responsible disclosure, inURL colon vulnerability reward program. So, let me show you. I type inURL colon responsible disclosure reward. So, you can see there are multiple open applications who want you to test their applications. So, if you open this application, you can see their policies, their response targets about how they handle your reports, their disclosure policy. You have to email them what you find.
And the reward categorization, what you will get if your report is selected or if your report is accepted. These are the applications they want tested. The application is app.open.money. The API application is something, the Android application and the iOS application. So, we have multiple targets to try our skills on. And in this bootcamp, I will teach you how to build these skills, how to test the given target. So, to test, we have to find some vulnerabilities, and the common bug types are SQL injection. So, SQL injection is something where we inject some SQL queries in our infected area to find out if our application responds with some SQL error. Upon that, we can dump SQL data. Cross-site scripting, where we inject JavaScript code, a JavaScript payload, into our input area and see if our application can run or execute those JavaScript payloads. Cross-site request forgery, called the CSRF attack. In this attack, we create a maliciously crafted request and send it out to the victim. If the victim clicks on that request, the information on their account can be changed. IDOR, insecure direct object reference, these types of vulnerability can be exploited without user interaction. We can change account passwords. We can change anyone's profile pictures. We can delete anyone's video. Like, if you heard about it, Sanjay Sir shared a post in the past few days, where an attacker can delete anyone's LinkedIn posts.
So, these vulnerabilities are called IDOR, and remote code execution, where we will execute remote code, local file inclusion, where we can see local files of the systems, remote file inclusion, broken access control, broken session management, account takeover, where we can take over anyone's account, sensitive data exposure, to test if our application is leaking something malicious, something sensitive, like admin credentials, user credentials, user information, user email addresses, some credit card information, web configuration files, some sensitive files on the server, information disclosure. And we have multiple docs as well. So, you can read it, you can type Bugcrowd VRT, and there you will find a file. The file has multiple various vulnerabilities with their severity. So, you can see what the severity is, P1 category, and the vulnerability name. You can see the various types of vulnerabilities, like server security misconfiguration, server side injection, remote code execution, SQL injection, XML external entity injection, where we have to attack XML, authentication bypass, disclosure of secrets, hard-coded password, cryptographic flaw, misconfigured DNS, OAuth misconfiguration, weak password reset implementation, stored XSS, server side request forgery. So, you can check out the various types of vulnerabilities, and throughout this bootcamp, we will be learning about how to find these vulnerabilities, how to do a VAPT on your given application, how to make a report, and how to earn some cash, as well as swag, hall of fame, certificates as well. And when you acquire these skills, you can apply for a job as well, where in the company, you will be doing these processes. So, you can do freelance work as well, and job work as well.
So, tomorrow, we will be talking about how the network works, what the IP is, how IP works, what the types of IP address are, why we need subnetting, why we use subnetting, what the MAC address is, what ports we have, how to learn about ports, the different types of network we have. Then we will start understanding how to install our lab setup, and then in the next week, we will start on how to test the targets. So, that's it from my side. Over to you, sir.
Okay, so guys, now, if you have any question related to this session, you can ask any type of question that you have in your mind. If you need anything, we can discuss it again. So, I saw there were a few suggestions, like Manan was saying, is it possible, Sumit, can we have this whiteboard not erased and stored somewhere, like whatever you have explained?
We can screenshot the whiteboard and then share it in the next slides or in the next video or in the comment section as well.
Yeah, so maybe what we'll do, we'll create a separate slide deck for you guys and we'll be sharing that with you. So, whatever we are discussing here, a brief deck related to that we'll be sharing with you, so that in the initial sessions, whatever theoretical topics we are discussing, you will be having those. And now, let me just share my screen so that if there are any questions we can take those as well. So, guys, please ask questions. I just shared the screen. So, whatever question you have, Sumit is seeing it and he will be answering your question. So, Vishal is asking, can you show the website which you have said to sign up on?
Vishal, the site name is hackerone.com and you will find all the websites in these slides when this video is up, or you can check my channel, where I will be posting a video about how we find these bug bounty platforms, so you can check that out. The link you will find in the description or in the pinned video comment after this video is uploaded.
Okay. So, anyone else having any doubt?
So, guys, see, this is an introductory session and Sumit discussed all the theoretical concepts which are related to cybersecurity. So, initially you will see that sessions are not too much understandable because you are learning it for the first time. So, what you can do, just go through the recording and try to understand the terminology, like what is penetration testing? What is VT? This word I am unable to pronounce. So, like, what is a bug? So, simple, simple terms, like three types of networks are there. So, all these things, if you go through them once again and if you attend tomorrow's session, so tomorrow he will be discussing different networks. So, gradually, like after one or two weeks, you will be having a clear understanding of the topics, right? So, I can see a few questions are there. So, Sumit, is there any question that you can pick?
What is called proof of concept? So, Janna, proof of concept is something where, when we test a target, when we attack a target, we will be collecting screenshots about how the attack works, the methodologies, what methods we use to attack the target. So, we create a proof of concept. So, the other person on the developer team can understand what you have done. So, this is called proof of concept. Shall we do VAPT testing using the Windows operating system? Yes, Amal, you can, but you have to install a virtual machine on your Windows operating system. So, you can do the VAPT test using the Windows operating system. Aditi, the Unix operating system doesn't have a client side. So, we have the Linux-based operating system, and throughout the session I will be using Kali Linux. For most of the topics I will be using the Kali Linux operating system, and you have to install Kali Linux on your virtual machine or on your hardware as well, but a virtual machine is fine, so you can install Kali Linux on your Windows operating system. I will be teaching how to install Kali Linux on your Windows operating system, so don't worry.
So, someone is asking, like, I have been studying cyber security for almost a year, but due to lack of planning and not studying in a proper way, I have a feeling I have zero knowledge, please give me a solution. So, sports year, you have to start learning about the network first, then start learning about how the application process is, how to collect information, because the recon part is also important. As much information as you have about the target, about how the target works, you can test your vulnerabilities on the target. So, the network and the recon process, which is footprinting, scanning, is all you have to learn first, then you can move on to testing the target.
So, guys, if you have more questions you can ask, and I would request, like, if you go through the recording once again so that you can relate. And, like, I got Wamshi's point, so from tomorrow, Sumit will be a little bit slower, because they are learning this for the first time. So, we will make sure he will slow down his speed, and we will be sharing some material with you so that you can go through that. And this is a different technology and we are doing it for the first time, so we need your feedback and I appreciate your feedback so that we can improve, and this is for you only. And if you have more feedback, what you can do, you can just share your feedback in the Telegram group, or you can ask any question, like when you see the recording, you can just ask your question in the Telegram group also, so Sumit will be answering those questions there. So, it is more on the theoretical side, so just understand the concept, and anytime, if you have any questions, you can ask.
So, Umka is asking, what is the meaning of dorks? So, dorks is something, keywords, the specific keywords we use to search something. So, dorks is keywords. Keywords are called dorks in our security domain. Sikander, please explain once penetration testing. So, in penetration testing we have to attack, we have to explore and exploit the information we collect using VA, vulnerability assessment, and make sure that the applications are no longer exploited by the attacker. So, it is called penetration testing.
So, I think we need to include more examples. So, Praveen is saying, please explain in a simple manner. So, if we can have any more examples.
When we start a practical session, then we don't have this problem.
Yeah, so, like, Praveen, this is the initial session and it was day one, so have enough patience, and soon, like after this week, when practical sessions will be starting, all these concepts will be revised, so don't worry, and you will be understanding. So, just attend all the sessions and try to watch the recording. If you didn't understand something, try to make notes, so you will be able to understand. So, any more questions, if you have them, you can ask. So, I think it was day one and I appreciate Sumit's effort, and he shared, like, basic knowledge which was related to cybersecurity. So, I request you guys, please go through the recording once again and understand the concepts, so that tomorrow, whatever he will be explaining, you can relate. And whatever feedback or suggestions there are, we will try to incorporate those as well. Okay, thank you everybody. See you tomorrow, same time. Bye, thank you.