Student profile

B.Voc(CS)-3 (2023-24)
S Roll Categ Contact
No No Reg No. Student Name ory Father's Name Mother's Name No.
1610 5111-2021- PARDEEP 9417972
1 1 493 SINGH BC JAGGA SINGH RANI KAUR 867
1610 5111-2021- AKASHDEEP 9877006
2 2 494 SINGH SC BALJEET SINGH GURPREET KAUR 950
1610 5111-2021- JASKARAN 9815706
3 3 495 SINGH BC AMRIK SINGH KARMJEET KAUR 694
1610 5111-2021- GENER 9915526
4 4 496 OSHEEN GARG AL VIJAY KUMAR PARVEEN BOBY 474
1610 5111-2021- SEHAJPREET GENER GURDEASH 9872350
5 5 497 KAUR AL JASPAL SINGH KAUR 158
1610 5111-2021- HANISH GENER 9878298
6 7 499 BANSAL AL RAJESH KUMAR KIRNA RANI 231
1610 5111-2021- GENER 8699611
7 8 500 MOHIT GARG AL AMAR KUMAR NEERAJ BALA 625
1610 5111-2021- GENER 8699281
8 9 501 YASH AL RAJ KUMAR SUNITA 587
1611 5111-2021- NARESH 9872711
9 0 502 KUMAR SC SUBHASH CHAND KANTA DEVI 963
1611 5111-2021- SUKHDEEP 9417889
10 1 503 SINGH BC JASKARAN SINGH GURJEET KAUR 005
1611 5111-2020- BALWINDER 9872621
11 3 322 HAMEET KAUR SC SATNAM SINGH KAUR 125
1611 5111-2021- GURJEET SAWARNJEET 9815365
12 4 505 SINGH SC FOUJA SINGH KAUR 131
1611 5111-2021- HARJEET 7740000
13 5 506 SINGH BC GURLAL SINGH SARABJIT KAUR 857
1611 5111-2021- KUMARI 9679004
14 6 507 SANJANA SC BULLA SHAH BILLO RANI 088
1611 5111-2021- PARAMJEET 7652809
15 9 510 BEANT KAUR SC BINDER SINGH KAUR 815
1612 5111-2021- SUKHPREET 7657889
16 0 511 KAUR SC BHAPPA SINGH JASVFEER KAUR 499
1612 5111-2021- HUSANDEEP GENER 6280235
17 4 515 SINGH AL TARSEM SINGH SARABJIT KAUR 611
1612 5111-2021- GENER 7814133
18 6 517 KUNAL KUMAR AL RAMESH KUMAR SONIA RANI 788
1612 5111-2021- LOVEPREET GENER 9877419
19 7 556 HARRY AL BHUSHAN KUMAR HARMESH RANI 877
1612 5111-2021- ARSHDEEP GENER 7888648
20 8 554 SHARMA AL DARSHAN KUMAR KRISHMA DEVI 094
1612 5111-2021- GENER 9781102
21 9 558 PARNEET KAUR AL BHUPINDER SINGH RAJINDER KAUR 317
1613 5111-2021- GENER KULWINDER 9780374
22 0 555 HARJOT KAUR AL KULBIR SINGH KAUR 760
1613 5111-2021- HARISH SPORT 1234567
23 3 564 CHANDER S GAJE SINGH POONAM 890
1613 5111-2021- SPORT 1234567
24 5 562 SONU S SOMBIR SUNITA 890
1613 5111-2021- SPORT 5555555
25 6 545 DEEPAK S SOMBIR PUNIA SUNITA 555
26 1613 5111-2021- GAURAV SPORT GAURI SHANKAR PUSHPA BINWAL 9777937
 8 480 BINWAL S BINWAL 690
1614 5111-2019- KOMALPREET MANJINDER SINGH RAVNEET KAUR 9592330
27 0 1389 KAUR BC JOURA JOURA 260

Time Table
Time Table 2023-24
S. Name I II III IV V VI
no
1 Gurdeep B.Voc(CS)- PGDCA B.Voc(CS)-3 B.Voc(CS)-3 B.Voc(SD)- MCA-2
kaur 1 FOC IT & E- Penetration Penetration 2+MSC-IT- Artificial
commerce testing testing-LAB 2+ MSc-It Intelligence
Le C++ LAB

Syllabus
4. Action Plain of syllabus to be covered (Monthly distribution, Weekly distribution)
LECTURE DISTRIBUTION

Introduction to web applications:

HTTP/S protocol basics,
Encoding
Same origin
Cookies, sessions
Web application proxies
Information gathering:
Gathering information on your target
Infrastructure,
fingerprinting framework and applications
fingerprinting custom applications
google hacking,
shadon HQ
Cross site scripting:
Cross site scripting
Anatomy of an XSS exploitation
Finding XSS
XSS exploitation,
Mitigation
SQL injection:
Introduction to SQL injection
Finding SQL injection
Exploitation in band SQL injection
Exploiting error based SQL injection
Exploiting blind SQLi,
SQL map
Authentication and authorization
Introduction,
common vulnerabilities,
Bypassing authorization
Session security:
Weakness of session identifier
Session hijacking
Session fixation
Cross site request forgeries
Flash security:
Introduction, Flash security model
Flash vulnerability,
HTML5:
Cross origin resource shearing
cross window messaging
Web storage,
web socket
Sand frames
File and resource attacks:
Path traversal,
File inclusion vulnerability
Unrestricted file upload
Other attacks:
Click jacking,
HTTP response splitting
Web services:
Introduction,
web services implementations
The WSDL language and attacks
X Path :
XML documents and databases
X Path,
detecting X Path injection
Exploitation,
best defensive technique

5. Weekly Lesson Plan

Weekly lesson plan
Teaching aid
Date Class Subject Topic covered
used

17-08- B.VOC(CS Penetratio HTTP/S protocol basics,

Computer
2023 ) -3 n testing
18-08- B.VOC(CS Penetratio Encoding
Computer
2023 ) -3 n testing

19-08- B.VOC(CS Penetratio Encoding

Computer
2023 ) -3 n testing

21-08- B.VOC(CS Penetratio Same origin

Computer
2023 ) -3 n testing

22-08- B.VOC(CS Penetratio

Cookies, Computer
2023 ) -3 n testing

24-08- B.VOC(CS Penetratio Sessions

Computer
2023 ) -3 n testing

25-08- B.VOC(CS Penetratio Web application proxies

Computer
2023 ) -3 n testing

26-08- B.VOC(CS Penetratio Web application proxies

Computer
2023 ) -3 n testing

28-08- B.VOC(CS Penetratio Gathering information on your target

Computer
2023 ) -3 n testing

29-08- B.VOC(CS Penetratio Infrastructure,

Computer
2023 ) -3 n testing

31-08- B.VOC(CS Penetratio

fingerprinting framework and applications Computer
2023 ) -3 n testing
01-09- B.VOC(CS Penetratio
fingerprinting custom applications Computer
2023 ) -3 n testing

02-09- B.VOC(CS Penetratio enumerating resources

Computer
2023 ) -3 n testing

06-09- B.VOC(CS Penetratio relevant information through misconfigurations

Computer
2023 ) -3 n testing

08-09- B.VOC(CS Penetratio

google hacking, Computer
2023 ) -3 n testing

11-09- B.VOC(CS Penetratio

shadon HQ Computer
2023 ) -3 n testing

12-09- B.VOC(CS Penetratio

Cross site scripting Computer
2023 ) -3 n testing

13-09- B.VOC(CS Penetratio

Anatomy of an XSS exploitation Computer
2023 ) -3 n testing

14-09- B.VOC(CS Penetratio

Three type of XSS, Computer
2023 ) -3 n testing

15-09- B.VOC(CS Penetratio

Finding XSS Computer
2023 ) -3 n testing

16-09- B.VOC(CS Penetratio XSS exploitation,

Computer
2023 ) -3 n testing

18-09- B.VOC(CS Penetratio

Computer
2023 ) -3 n testing
Mitigation

19-09- B.VOC(CS Penetratio

Introduction to SQL injection Computer
2023 ) -3 n testing

20-09- B.VOC(CS Penetratio

Finding SQL injection Computer
2023 ) -3 n testing

\21-09- B.VOC(CS Penetratio

Exploitation in band SQL injection Computer
2023 ) -3 n testing
 22-09- B.VOC(CS Penetratio
Exploiting error based SQL injection Computer
2023 ) -3 n testing

23-09- B.VOC(CS Penetratio

Exploiting blind SQLi, Computer
2023 ) -3 n testing

25-09- B.VOC(CS Penetratio

SQL map Computer
2023 ) -3 n testing

B.VOC(CS Penetratio Mitigation strategies,

26-09- Computer
) -3 n testing
2023

B.VOC(CS Penetratio
28-09- Computer
) -3 n testing
2023 from SQLi to server takeover

B.VOC(CS Penetratio
29-09- Introduction, Computer
) -3 n testing
2023

B.VOC(CS Penetratio
30-09- common vulnerabilities, Computer
) -3 n testing
2023

B.VOC(CS Penetratio
03-10- Bypassing authorization Computer
) -3 n testing
2023

B.VOC(CS Penetratio
04-10- Weakness of session identifier Computer
) -3 n testing
2023

B.VOC(CS Penetratio
05-10- Session hijacking Computer
) -3 n testing
2023

B.VOC(CS Penetratio
06-10- Session fixation Computer
) -3 n testing
2023

B.VOC(CS Penetratio
07-10- Cross site request forgeries Computer
) -3 n testing
2023

B.VOC(CS Penetratio
10-10- Introduction, Flash security model Computer
) -3 n testing
2023

B.VOC(CS Penetratio Flash vulnerability,

11-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio pen testing flash application

12-10- Computer
) -3 n testing
2023
 B.VOC(CS Penetratio Cross origin resource shearing
13-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio cross window messaging

14-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio Web storage,

16-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio web socket

17-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio Sand frames

19-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio Path traversal,

20-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio File inclusion vulnerability

21-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio Unrestricted file upload

25-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio Click jacking,

26-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio HTTP response splitting

27-10- Computer
) -3 n testing .
2023
Business logic flow,
B.VOC(CS Penetratio
30-10- Computer
) -3 n testing
2023

B.VOC(CS Penetratio
31-10- Denial of services Computer
) -3 n testing
2023

B.VOC(CS Penetratio
01-11- Introduction, Computer
) -3 n testing
2023

B.VOC(CS Penetratio
02-11- web services implementations Computer
) -3 n testing
2023

B.VOC(CS Penetratio
03-11- The WSDL language and attacks Computer
) -3 n testing
2023
 B.VOC(CS Penetratio
04-11- XML documents and databases Computer
) -3 n testing
2023

B.VOC(CS Penetratio
06-11- X Path, Computer
) -3 n testing
2023

B.VOC(CS Penetratio
07-11- detecting X Path injection Computer
) -3 n testing
2023

B.VOC(CS Penetratio Exploitation,

08-11- Computer
) -3 n testing
2023

B.VOC(CS Penetratio
09-11- Computer
) -3 n testing
2023 best defensive technique

B.VOC(CS Penetratio
10-11- Computer
) -3 n testing
2023 best defensive technique

5. Recommended Reference Books:

1. Georgia Weidman, “Penetration testing”

6. Lecture division (Lecture Statement)

Class-B.Voc(CS)-3 sem-V, Attendance record

Subject- Penetration Testing
Total Lectures Delivered=62
S Roll Aug(12 Sept(21 OCT(20 Nov(9
Student Name
No No ) ) ) )
1 16101 PARDEEP SINGH 11 18 18 8
2 16102 akashdeep singh 11 18 17 8
3 16103 JASKARAN SINGH 11 20 18 8
4 16104 osheen garg 12 19 19 8
5 16105 sehajpreet kaur 11 19 17 8
6 16107 HANISH BANSAL 11 18 18 8
7 16108 MOHIT GARG 11 19 18 7
8 16109 YASH 11 19 17 8
9 16110 NARESH KUMAR 10 18 18 8
10 16111 SUKHDEEP SINGH 11 18 20 7
11 16113 hAMEET KAUR 12 18 18 8
12 16114 GURJEET SINGH 12 19 18 7
13 16115 HARJEET SINGH 11 20 18 7
14 16116 kumari sanjana 11 19 18 8
15 16119 BEANT KAUR 11 19 18 8
16 16120 SUKHPREET KAUR 11 19 18 8
 17 16124 husandeep Singh 12 19 17 8
18 16126 kunal kumar 11 19 19 8
19 16127 lovepreet harry 11 19 18 8
20 16128 ARSHDEEP sharma 11 18 18 8
21 16129 PARNEET KAUR 12 20 18 8
22 16130 HARJOT KAUR 11 19 18 7
23 16133 HARISH CHANDER 12 19 18 8
24 16135 Sonu 11 17 19 8
25 16136 Deepak 11 18 19 8
26 16138 gaurav binwal 11 19 18 7
27 16140 KOMALPREET KAUR -- 19 20 8

7. Detail of Weak and Brilliant Students

LIST OF INTELLIGENT STUDENTS:
Osheen, Hanish

LIST OF WEAK STUDENTS:

Yash, Naresh

8.Record of Internal Assessment and Evaluation:

The break-up of marks for the internal assessment for theory papers except B.VCS-313 will be as
under:
i. One or two tests out of which minimum one best will be considered for assessment. 24 Marks
ii. Attendance 8 Marks
iii. Class participation/behaviour/assignment 8 Marks

Software lab

Department of Computer Science

B.Voc-CS-3 (Semester- 5) Internal Assessment DEC 2022
SUBJECT:BCSB3106L Software Lab-X Penetration Testing
Teacher's Name: Gurdeep Kaur
College Exam
Total(50)
Sr No Rollno RollNo Name
1 18116 KOMALPREET KAUR 47
2 16120 857301 SUKHPREET KAUR 46
3 16105 857302 SEHAJPREET KAUR 47
4 16104 857303 OSHEEN GARG 48
5 16116 857304 KUMARI SANJANA 49
6 16103 857305 JASKARAN SINGH 46
7 16130 857306 HARJOT KAUR 47
8 16113 857308 HAMEET KAUR 49
9 16119 857309 BEANT KAUR 48
10 16109 857310 YASH 46
11 16111 857312 SUKHDEEP SINGH 45
12 16135 857313 SONU 45
13 16129 857317 PARNEET KAUR 46
14 16101 857318 PARDEEP SINGH 47
15 16110 857319 NARESH KUMAR 47
16 16108 857320 MOHIT GARG 46
17 16127 857321 LOVEPREET HARRY 46
18 16126 857322 KUNAL KUMAR 45
19 16124 857324 HUSANDEEP SINGH 48
20 16115 857326 HARJEET SINGH 46
21 16133 857327 HARISH CHANDER 46
22 16107 857328 HANISH BANSAL 48
23 16114 857329 GURJEET SINGH 47
24 16138 857330 GAURAV BINWAL 46
25 16136 857331 DEEPAK 47
26 16128 857332 ARSHDEEP SHARMA 46
27 16102 857333 AKASHDEEP SINGH 46