National Forensic Sciences University
School of Cyber Security and Digital Forensics
Program Name: M Tech Cyber Security, Semester - I
Subject Name: Application Security and VAPT     Subject Code: CTMTCS SI P4
Faculty Name: Dr. Digvijaysinh Rathod, Professor, SCSDF, NFSU
Duration: July 2024 to Dec 2024
Practical List

Columns: Sr. No | Practical Title | Topic Name | Description | Tools and Technology | Unit Name with number / Topic Name

1. Practical Title: TCP concepts – Three-way handshaking
   Topic Name: TCP
   Description: Show the three-way handshake of the TCP protocol using Wireshark or any other technology.
   Tools and Technology: Wireshark or any other technology
   Unit: I

2. Practical Title: TCP concepts – Prove that TCP is connectionless protocol
   Topic Name: TCP
   Description: Show that for every request TCP makes the connection and then closes the connection. The same process continues for each request. Prove this using Wireshark or any other technology.
   Tools and Technology: Wireshark or any other technology
   Unit: I

3. Practical Title: HTTP/S Protocol
   Topic Name: HTTP/S Protocol
   Description: Perform the following practical using a proxy (ZAP / Burp):
      1. What is the format of the request header in the case of a GET request?
      2. What is the format of the request header in the case of a POST request?
      3. Generate the following error codes using Burp / ZAP with DVWA:
         a. 200 OK: A successful request
         b. 400 Bad Request: An invalid request payload
         c. 403 Forbidden: Permission denied
         d. 404 Not Found
         e. 301/302/307/308 - any one of them, related to redirects.
   Tools and Technology: ZAP Proxy / Burp Suite, WAMP / XAMPP and DVWA or any vulnerable web app
   Unit: I

4. Practical Title: Origin, referer and host
   Topic Name: Origin, referer and host
   Description: Perform the following practical using a proxy (ZAP / Burp):
      a. Show the value of the origin, referer and host in the case of a GET request while it is intercepted using the proxy.
      b. Show the value of the origin, referer and host in the case of a POST request while it is intercepted using the proxy.
      c. In what case can the referer be NULL?
   Tools and Technology: ZAP Proxy / Burp Suite, WAMP / XAMPP and DVWA or any vulnerable web app
   Unit: I

5. Practical Title: Cookies and Sessions
   Topic Name: Cookies and Sessions
   Description: Perform the following practical using a proxy (ZAP / Burp):
      a. Show the value of the session ID in the case of a GET request while it is intercepted using the proxy.
      b. Show the value of the session in the case of a POST request while it is intercepted using the proxy.
      c. Show the location of the cookie on your PC.
      d. If the session is saved in the browser, is the same session ID used every time you log in to a website, or does the browser generate a different session ID whenever you log in? Test using a proxy and any vulnerable app.
      e. Does the cookie store the session ID or the credential? If it stores the credential, is it possible to plan an attack which reads the cookie value? Justify your answer with a PoC.
   Tools and Technology: ZAP Proxy / Burp Suite, WAMP / XAMPP and DVWA or any vulnerable web app
   Unit: I

6. Practical Title: Fingerprinting the web server
   Topic Name: Fingerprinting the web server
   Description: Perform the fingerprinting of the web server / sites using:
      1. Netcat using GET / POST / OPTIONS / DELETE
      2. Try at least ten Netcat commands from https://nooblinux.com/how-to-use-netcat/.
      3. Use HTTPrint for the fingerprinting of the web server using https://net-square.com/httprint.html
      4. Use Nmap for the fingerprinting of the web server using https://nmap.org/book/osdetect-fingerprint-format.html
      If you want, you can also use an online vulnerable site for fingerprinting purposes, but be cautious while using such tools on a live website, as it could also be considered an attack.
   Tools and Technology: ZAP Proxy / Burp Suite, WAMP / XAMPP and DVWA or any vulnerable web app, Netcat, HTTPrint, Nmap
   Unit: I

7. Practical Title: Web server fingerprinting
   Topic Name: Web server fingerprinting
   Description: Perform the fingerprinting of the web server using:
      1. Telnet
      2. NC with HTTP methods
      3. HTTPrint
      4. Recon-ng - use at least five modules for the web server fingerprinting
   Tools and Technology: Telnet, NC, HTTPrint and Recon-ng
   Unit: I

8. Practical Title: Subdomain enumeration
   Topic Name: Subdomain enumeration
   Description: Subdomain enumeration using:
      1. Google search engine
      2. Bing search engine
      3. VirusTotal - using DNS replication service
      4. OWASP Amass Tool
   Tools and Technology: Google Search Engine, Bing Search Engine, OWASP Amass Tool
   Unit: I

9. Practical Title: VHost
   Topic Name: VHost
   Description: Carry out the DNS, VHost and Dir enumeration using Gobuster.
   Tools and Technology: Gobuster
   Unit: I

10. Practical Title: Concepts of VAPT
    Topic Name: Concepts of VAPT
    Description: Give the answer in two or three lines:
       1. What is Information Gathering and how to do it?
       2. What is vulnerability assessment?
       3. What is pen-testing?
       4. Difference between VA and PT?
       5. What is an unknown vulnerability? List five unknown vulnerabilities discovered in 2023.
       6. What is a known vulnerability? List the top five known vulnerabilities exploited most in 2023.
       7. What is a zero-day vulnerability?
       8. What is an exploit? List any one exploit used most in 2023.
       9. What is an exploit? Give an example.
       10. What is shellcode? Give an example.
       11. What is a payload? Give an example.
       12. What is the black box approach in VAPT?
       13. What is the white box approach in VAPT?
       14. What is the gray box approach in VAPT?
       15. What are the OWASP guidelines?
       16. What are the OSSTMM guidelines?
       17. What are the WASC guidelines?
       18. What is a false positive? Give an example.
       19. What is a false negative? Give an example.
    Tools and Technology: Concepts of VAPT
    Unit: II