Web Application Setup
Web Application Hacking
Anatomy of an Attack
Web Application Threats
Cross-Site Scripting/XSS Flaws
o Countermeasures
SQL Injection
Command Injection Flaws
o Countermeasures
Cookie/Session Poisoning
o Countermeasures
Parameter/Form Tampering
Buffer Overflow
o Countermeasures
Directory Traversal/Forceful Browsing
o Countermeasures
Cryptographic Interception
Cookie Snooping
Authentication Hijacking
o Countermeasures
Log Tampering
Error Message Interception
Attack Obfuscation
Platform Exploits
DMZ Protocol Attacks
o Countermeasures
Security Management Exploits
Web Services Attacks
Zero-Day Attacks
Network Access Attacks
TCP Fragmentation
Hacking Tools
o Instant Source
o Wget
o WebSleuth
o BlackWidow
o WindowBomb
o Burp
o cURL
o dotDefender
o Google Hacking
o Acunetix Web Scanner
o AppScan – Web Application Scanner
o AccessDiver
Source:
http://www.eccouncil.org/EC-Council%20Education/ceh-course-outline.htm