Student profile

B.Voc(CS)-3 (2023-24)
S Roll Categ Contact
No No Reg No. Student Name ory Father's Name Mother's Name No.
1610 5111-2021- PARDEEP 9417972
1 1 493 SINGH BC JAGGA SINGH RANI KAUR 867
1610 5111-2021- AKASHDEEP 9877006
2 2 494 SINGH SC BALJEET SINGH GURPREET KAUR 950
1610 5111-2021- JASKARAN 9815706
3 3 495 SINGH BC AMRIK SINGH KARMJEET KAUR 694
1610 5111-2021- GENER 9915526
4 4 496 OSHEEN GARG AL VIJAY KUMAR PARVEEN BOBY 474
1610 5111-2021- SEHAJPREET GENER GURDEASH 9872350
5 5 497 KAUR AL JASPAL SINGH KAUR 158
1610 5111-2021- HANISH GENER 9878298
6 7 499 BANSAL AL RAJESH KUMAR KIRNA RANI 231
1610 5111-2021- GENER 8699611
7 8 500 MOHIT GARG AL AMAR KUMAR NEERAJ BALA 625
1610 5111-2021- GENER 8699281
8 9 501 YASH AL RAJ KUMAR SUNITA 587
1611 5111-2021- NARESH 9872711
9 0 502 KUMAR SC SUBHASH CHAND KANTA DEVI 963
1611 5111-2021- SUKHDEEP 9417889
10 1 503 SINGH BC JASKARAN SINGH GURJEET KAUR 005
1611 5111-2020- BALWINDER 9872621
11 3 322 HAMEET KAUR SC SATNAM SINGH KAUR 125
1611 5111-2021- GURJEET SAWARNJEET 9815365
12 4 505 SINGH SC FOUJA SINGH KAUR 131
1611 5111-2021- HARJEET 7740000
13 5 506 SINGH BC GURLAL SINGH SARABJIT KAUR 857
1611 5111-2021- KUMARI 9679004
14 6 507 SANJANA SC BULLA SHAH BILLO RANI 088
1611 5111-2021- PARAMJEET 7652809
15 9 510 BEANT KAUR SC BINDER SINGH KAUR 815
1612 5111-2021- SUKHPREET 7657889
16 0 511 KAUR SC BHAPPA SINGH JASVFEER KAUR 499
1612 5111-2021- HUSANDEEP GENER 6280235
17 4 515 SINGH AL TARSEM SINGH SARABJIT KAUR 611
1612 5111-2021- GENER 7814133
18 6 517 KUNAL KUMAR AL RAMESH KUMAR SONIA RANI 788
1612 5111-2021- LOVEPREET GENER 9877419
19 7 556 HARRY AL BHUSHAN KUMAR HARMESH RANI 877
1612 5111-2021- ARSHDEEP GENER 7888648
20 8 554 SHARMA AL DARSHAN KUMAR KRISHMA DEVI 094
1612 5111-2021- GENER 9781102
21 9 558 PARNEET KAUR AL BHUPINDER SINGH RAJINDER KAUR 317
1613 5111-2021- GENER KULWINDER 9780374
22 0 555 HARJOT KAUR AL KULBIR SINGH KAUR 760
1613 5111-2021- HARISH SPORT 1234567
23 3 564 CHANDER S GAJE SINGH POONAM 890
1613 5111-2021- SPORT 1234567
24 5 562 SONU S SOMBIR SUNITA 890
1613 5111-2021- SPORT 5555555
25 6 545 DEEPAK S SOMBIR PUNIA SUNITA 555
26 1613 5111-2021- GAURAV SPORT GAURI SHANKAR PUSHPA BINWAL 9777937
 8 480 BINWAL S BINWAL 690
1614 5111-2019- KOMALPREET MANJINDER SINGH RAVNEET KAUR 9592330
27 0 1389 KAUR BC JOURA JOURA 260

Time Table
Time Table 2023-24
S. Name I II III IV V VI
no
1 Gurdeep B.Voc(CS)- PGDCA B.Voc(CS)-3 B.Voc(CS)-3 B.Voc(SD)- MCA-2
kaur 1 FOC IT & E- Penetration Penetration 2+MSC-IT- Artificial
commerce testing testing-LAB 2+ MSc-It Intelligence
Le C++ LAB

Syllabus
4. Action Plain of syllabus to be covered (Monthly distribution, Weekly distribution)
LECTURE DISTRIBUTION
 Section A
Penetration testing process:
Pre engagement
Methodologies,
Reporting
Introduction to web applications:
HTTP/S protocol basics,
Encoding
Same origin
Cookies, sessions
Web application proxies
Information gathering:
Gathering information on your target
Infrastructure,
fingerprinting framework and applications
fingerprinting custom applications
enumerating resources
relevant information through misconfigurations
google hacking,
shadon HQ
Cross site scripting:
Cross site scripting
Anatomy of an XSS exploitation
Three type of XSS,
Finding XSS
XSS exploitation,
Mitigation
SQL injection:
Introduction to SQL injection
Finding SQL injection
Exploitation in band SQL injection
Exploiting error based SQL injection
Exploiting blind SQLi,
SQL map
Mitigation strategies,
from SQLi to server takeover
Authentication and authorization
Introduction,
common vulnerabilities,
Bypassing authorization
Session security:
Weakness of session identifier
Session hijacking
Session fixation
Cross site request forgeries
 SECTION B
Flash security:
Introduction, Flash security model
Flash vulnerability,
pen testing flash application
HTML5:
Cross origin resource shearing
cross window messaging
Web storage,
web socket
Sand frames
File and resource attacks:
Path traversal,
File inclusion vulnerability
Unrestricted file upload
Other attacks:
Click jacking,
HTTP response splitting
.Business logic flow,
Denial of services
Web services:
Introduction,
web services implementations
The WSDL language and attacks
X Path :
XML documents and databases
X Path,
detecting X Path injection
Exploitation,
best defensive technique

5. Weekly Lesson Plan

Weekly lesson plan
Teaching aid
Date Class Subject Topic covered
used

17-08- B.VOC(CS Penetratio Pre engagement

Whiteboard
2023 ) -3 n testing

18-08- B.VOC(CS Penetratio Methodologies,

Whiteboard
2023 ) -3 n testing

19-08- B.VOC(CS Penetratio Reporting

Whiteboard
2023 ) -3 n testing
21-08- B.VOC(CS Penetratio HTTP/S protocol basics,
Whiteboard
2023 ) -3 n testing

22-08- B.VOC(CS Penetratio Encoding

Whiteboard
2023 ) -3 n testing

24-08- B.VOC(CS Penetratio Same origin

Whiteboard
2023 ) -3 n testing

25-08- B.VOC(CS Penetratio Cookies, sessions

Whiteboard
2023 ) -3 n testing

26-08- B.VOC(CS Penetratio Web application proxies

Whiteboard
2023 ) -3 n testing

28-08- B.VOC(CS Penetratio Gathering information on your target

Whiteboard
2023 ) -3 n testing

29-08- B.VOC(CS Penetratio Infrastructure,

Whiteboard
2023 ) -3 n testing

31-08- B.VOC(CS Penetratio

fingerprinting framework and applications Whiteboard
2023 ) -3 n testing

01-09- B.VOC(CS Penetratio

fingerprinting custom applications Whiteboard
2023 ) -3 n testing

02-09- B.VOC(CS Penetratio enumerating resources

Whiteboard
2023 ) -3 n testing

06-09- B.VOC(CS Penetratio relevant information through misconfigurations

Whiteboard
2023 ) -3 n testing
 08-09- B.VOC(CS Penetratio
google hacking, Whiteboard
2023 ) -3 n testing

11-09- B.VOC(CS Penetratio

shadon HQ Whiteboard
2023 ) -3 n testing

12-09- B.VOC(CS Penetratio

Cross site scripting Whiteboard
2023 ) -3 n testing

13-09- B.VOC(CS Penetratio

Anatomy of an XSS exploitation Whiteboard
2023 ) -3 n testing

14-09- B.VOC(CS Penetratio

Three type of XSS, Whiteboard
2023 ) -3 n testing

15-09- B.VOC(CS Penetratio

Finding XSS Whiteboard
2023 ) -3 n testing

16-09- B.VOC(CS Penetratio XSS exploitation,

Whiteboard
2023 ) -3 n testing

18-09- B.VOC(CS Penetratio

Whiteboard
2023 ) -3 n testing
Mitigation

19-09- B.VOC(CS Penetratio

Introduction to SQL injection Whiteboard
2023 ) -3 n testing

20-09- B.VOC(CS Penetratio

Finding SQL injection Whiteboard
2023 ) -3 n testing

21-09- B.VOC(CS Penetratio

Exploitation in band SQL injection Whiteboard
2023 ) -3 n testing

22-09- B.VOC(CS Penetratio

Exploiting error based SQL injection Whiteboard
2023 ) -3 n testing

23-09- B.VOC(CS Penetratio

Exploiting blind SQLi, Whiteboard
2023 ) -3 n testing

25-09- B.VOC(CS Penetratio

SQL map Whiteboard
2023 ) -3 n testing

B.VOC(CS Penetratio Mitigation strategies,

26-09- Whiteboard
) -3 n testing
2023
 B.VOC(CS Penetratio
28-09- Whiteboard
) -3 n testing
2023 from SQLi to server takeover

B.VOC(CS Penetratio
29-09- Introduction, Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
30-09- common vulnerabilities, Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
03-10- Bypassing authorization Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
04-10- Weakness of session identifier Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
05-10- Session hijacking Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
06-10- Session fixation Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
07-10- Cross site request forgeries Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
10-10- Introduction, Flash security model Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio Flash vulnerability,

11-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio pen testing flash application

12-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio Cross origin resource shearing

13-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio cross window messaging

14-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio Web storage,

16-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio web socket

17-10- Whiteboard
) -3 n testing
2023
 B.VOC(CS Penetratio Sand frames
19-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio Path traversal,

20-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio File inclusion vulnerability

21-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio Unrestricted file upload

25-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio Click jacking,

26-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio HTTP response splitting

27-10- Whiteboard
) -3 n testing .
2023
Business logic flow,
B.VOC(CS Penetratio
30-10- Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
31-10- Denial of services Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
01-11- Introduction, Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
02-11- web services implementations Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
03-11- The WSDL language and attacks Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
04-11- XML documents and databases Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
06-11- X Path, Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio
07-11- detecting X Path injection Whiteboard
) -3 n testing
2023

B.VOC(CS Penetratio Exploitation,

08-11- Whiteboard
) -3 n testing
2023
 B.VOC(CS Penetratio
09-11- Whiteboard
) -3 n testing
2023 best defensive technique

B.VOC(CS Penetratio
10-11- Whiteboard
) -3 n testing
2023 best defensive technique

5. Recommended Reference Books:

1. Georgia Weidman, “Penetration testing”

6. Lecture division (Lecture Statement)

Class-B.Voc(CS)-3 sem-V, Attendance record

Subject- Penetration Testing
Total Lectures Delivered=62
S Roll Aug(12 Sept(21 OCT(20 Nov(9
Student Name
No No ) ) ) )
1 16101 PARDEEP SINGH 11 18 17 8
2 16102 akashdeep singh 10 19 17 8
3 16103 JASKARAN SINGH 9 18 18 7
4 16104 osheen garg 10 18 19 8
5 16105 sehajpreet kaur 12 18 17 7
6 16107 HANISH BANSAL 12 20 18 9
7 16108 MOHIT GARG 10 19 17 8
8 16109 YASH 11 19 17 8
9 16110 NARESH KUMAR 10 19 17 8
10 16111 SUKHDEEP SINGH 11 18 17 7
11 16113 hAMEET KAUR 11 18 18 8
12 16114 GURJEET SINGH 10 19 18 8
13 16115 HARJEET SINGH 10 19 17 8
14 16116 kumari sanjana 10 20 18 8
15 16119 BEANT KAUR 11 19 18 7
16 16120 SUKHPREET KAUR 11 19 20 8
17 16124 husandeep Singh 11 20 18 8
18 16126 kunal kumar 10 18 18 7
19 16127 lovepreet harry 12 18 18 7
20 16128 ARSHDEEP sharma 10 19 18 8
21 16129 PARNEET KAUR 10 18 17 7
22 16130 HARJOT KAUR 11 19 18 8
23 16133 HARISH CHANDER 11 19 18 7
24 16135 sonu 11 19 18 8
25 16136 deepak 11 18 17 7
26 16138 gaurav binwal 10 18 17 7
27 16140 KOMALPREET KAUR -- 18 18 8
7. Detail of Weak and Brilliant Students
LIST OF INTELLIGENT STUDENTS:
Osheen, Hanish

LIST OF WEAK STUDENTS:

Yash, Naresh

8.Record of Internal Assessment and Evaluation:

The break-up of marks for the internal assessment for theory papers except B.VCS-313 will be as
under:
i. One or two tests out of which minimum one best will be considered for assessment. 24 Marks
ii. Attendance 8 Marks
iii. Class participation/behaviour/assignment 8 Marks

Department of Computer Science

B.Voc-CS-3 (Semester- 5) Internal Assessment DEC 2023
SUBJECT:BCSB3103T Penetration Testing
Teacher's Name: Gurdeep Kaur
Sr. college_r Exam_Ro name Average Attenda Written Tot
no ollno llNo of Both nce (8) assignment/P al
mid roject work (40)
semester etc. (8)
tests/Inte
rnal
Examina
tion (24)
KOMALPREET
1 18116 KAUR 21 8 8 37
SUKHPREET
2 16120 857301 KAUR 21 8 8 37
SEHAJPREET
3 16105 857302 KAUR 21 8 8 37
OSHEEN
4 16104 857303 GARG 23 8 8 39
KUMARI
5 16116 857304 SANJANA 23 8 8 39
JASKARAN
6 16103 857305 SINGH 20 8 8 36
7 16130 857306 HARJOT KAUR 19 8 8 35
HAMEET
8 16113 857308 KAUR 22 8 8 38
9 16119 857309 BEANT KAUR 21 8 8 37
10 16109 857310 YASH 19 8 8 35
SUKHDEEP
11 16111 857312 SINGH 22 8 8 37
12 16135 857313 SONU 20 8 8 36
13 16129 857317 PARNEET 21 8 8 37
 KAUR
PARDEEP
14 16101 857318 SINGH 20 8 8 36
NARESH
15 16110 857319 KUMAR 20 8 8 36
16 16108 857320 MOHIT GARG 19 8 8 35
LOVEPREET
17 16127 857321 HARRY 21 8 8 37
KUNAL
18 16126 857322 KUMAR 21 8 8 37
HUSANDEEP
19 16124 857324 SINGH 22 8 8 38
HARJEET
20 16115 857326 SINGH 21 8 8 37
HARISH
21 16133 857327 CHANDER 20 8 8 36
HANISH
22 16107 857328 BANSAL 22 8 8 38
GURJEET
23 16114 857329 SINGH 20 8 8 36
GAURAV
24 16138 857330 BINWAL 20 8 8 36
25 16136 857331 DEEPAK 20 8 8 36
ARSHDEEP
26 16128 857332 SHARMA 21 8 8 37
AKASHDEEP
27 16102 857333 SINGH 20 8 8 36

Software lab

Department of Computer Science

B.Voc-CS-3 (Semester- 5) Internal Assessment DEC 2022
SUBJECT:BCSB3106L Software Lab-X Penetration Testing
Teacher's Name: Gurdeep Kaur
College Exam
Total(50)
Sr No Rollno RollNo Name
1 18116 KOMALPREET KAUR 47
2 16120 857301 SUKHPREET KAUR 46
3 16105 857302 SEHAJPREET KAUR 47
4 16104 857303 OSHEEN GARG 48
5 16116 857304 KUMARI SANJANA 49
6 16103 857305 JASKARAN SINGH 46
7 16130 857306 HARJOT KAUR 47
8 16113 857308 HAMEET KAUR 49
9 16119 857309 BEANT KAUR 48
10 16109 857310 YASH 46
11 16111 857312 SUKHDEEP SINGH 45
12 16135 857313 SONU 45
 13 16129 857317 PARNEET KAUR 46
14 16101 857318 PARDEEP SINGH 47
15 16110 857319 NARESH KUMAR 47
16 16108 857320 MOHIT GARG 46
17 16127 857321 LOVEPREET HARRY 46
18 16126 857322 KUNAL KUMAR 45
19 16124 857324 HUSANDEEP SINGH 48
20 16115 857326 HARJEET SINGH 46
21 16133 857327 HARISH CHANDER 46
22 16107 857328 HANISH BANSAL 48
23 16114 857329 GURJEET SINGH 47
24 16138 857330 GAURAV BINWAL 46
25 16136 857331 DEEPAK 47
26 16128 857332 ARSHDEEP SHARMA 46
27 16102 857333 AKASHDEEP SINGH 46

B.VOC(CS)-3 Penetration testing

Semester - 5 Session -2023-24
Maximum marks : 25
Attempt any one question from section A and B and C section is compulsory.

Section- A
Q1.Explain penetration testing and its phases.
Q2. What is SQL injection ? Write about its types. 1*8=8
Section- B
Q3. Explain fingerprinting frame work and its applications.
Q4. Explain proxy server. 1*8=8
Section –C
Q5.(a) Authentication
(b) Session security
(c) XSS 3*3=9

Class-B.Voc(CS)-3 sem-V
Subject- Penetration Testing
MST-1
S Roll
Student Name Total marks(25)
No No
1 16101 PARDEEP SINGH
2 16102 akashdeep singh
3 16103 JASKARAN SINGH
4 16104 osheen garg 21
5 16105 sehajpreet kaur
6 16107 HANISH BANSAL 19
7 16108 MOHIT GARG
 8 16109 YASH
9 16110 NARESH KUMAR
10 16111 SUKHDEEP SINGH
11 16113 hAMEET KAUR 20
12 16114 GURJEET SINGH
13 16115 HARJEET SINGH
14 16116 kumari sanjana 22
15 16119 BEANT KAUR 20
16 16120 SUKHPREET KAUR 18
17 16124 husandeep Singh 19
18 16126 kunal kumar
19 16127 lovepreet harry
20 16128 ARSHDEEP sharma
21 16129 PARNEET KAUR 17
22 16130 HARJOT KAUR
23 16133 HARISH CHANDER
24 16135 sonu
25 16136 deepak
26 16138 gaurav binwal
27 16140 KOMALPREET KAUR 15

B.VCS- 313 Penetration Testing

Semester (V) Session 2023-24
Maximum marks: 60 Maximum Time: 3Hrs
Attempt any two questions from section A and B and section C is compulsory.
Section- A
1.What is penetration testing process? Define penetration testing stages.
2.Explain information gathering process in brief.
3. What is SQL injection? What is the impact of a successful SQL injection attack?
4.What is session security? Define session hijacking? 2*9=18
Section B
5.Define cross origin resource shearing and cross window messaging.
6. What do mean by X path? How to detect X path injection?
7.What are web services? What is the difference between web application and web service?
8.Explain file and resource attack in detail. 2*9=18
Section –C
9. Attempt all questions:
i. What is the difference between authentication and authorization?
ii. Define web socket?
iii. What do you mean by denial of services?
iv. What is the difference between XML and HTML?
v. What do you mean by web application proxies?
vi. What are white hat hackers?
vii. What is click jacking attack?
viii. What do you mean by unrestricted file upload?
ix. What are protocols?
x. What is cross site scripting?
 xi. What do you mean by session fixation?
xii. What is http response splitting? 12*2=24

Class-B.Voc(CS)-3 sem-V
Subject- Penetration Testing
MST-2
S Roll
Student Name Total marks(60)
No No
1 16101 PARDEEP SINGH
2 16102 akashdeep singh
3 16103 JASKARAN SINGH
4 16104 osheen garg 41
5 16105 sehajpreet kaur
6 16107 HANISH BANSAL 20
7 16108 MOHIT GARG 00
8 16109 YASH 00
9 16110 NARESH KUMAR 00
10 16111 SUKHDEEP SINGH 33
11 16113 hAMEET KAUR 43
12 16114 GURJEET SINGH
13 16115 HARJEET SINGH 00
14 16116 kumari sanjana 57
15 16119 BEANT KAUR 49
16 16120 SUKHPREET KAUR
17 16124 husandeep Singh 09
18 16126 kunal kumar
19 16127 lovepreet harry
20 16128 ARSHDEEP sharma
21 16129 PARNEET KAUR 36
22 16130 HARJOT KAUR
23 16133 HARISH CHANDER
24 16135 sonu
25 16136 deepak
26 16138 gaurav binwal
27 16140 KOMALPREET KAUR 29