Be a Web Application Penetration Tester from Scratch

A perfect balance in theory and practical to earn 2000$ bug bounty programs as a Penetration Tester
3.5 (18 ratings), 485 students enrolled, $150
  • Lectures: 57
  • Contents: Video: 5 hours; Other: 9 mins
  • Skill Level: All Levels
  • Languages: English
  • Includes: Lifetime access, 30 day money back guarantee, available on iOS and Android, Certificate of Completion

About This Course

Published 4/2015 English

Course Description

Do you know that web application pentesters are earning hundreds of dollars by submitting bugs to various reputed websites? There is now a legal way to report bugs and vulnerabilities to websites and receive reward money in return.

What is this course about?

This is an ideal course to learn penetration testing from scratch. It requires no coding skills, yet you will be able to perform pentests and create great reports for clients. According to Forbes, pentesting is the second highest-paid job, with plenty of open positions.

Everyone is learning to create, someone has to take the responsibility to secure that creation.

Penetration testing is a step by step procedure to test an application for various security flaws. These flaws can compromise a website at various levels like database leak, client information leak or may involve monetary leak too.

A lot of new pentesters learn a few tricks to hack an application, but approaching a client in a formal way, doing a procedural pentest and documenting a report is a different game. In this course you will learn about all types of vulnerabilities, exploitation of web applications, the impact of flaws, and finally the steps to write a report.

Traditional companies rely on firewalls and network security. Attack vectors based on web applications will not trigger an alarm for them. Especially the new applications based on CMSs like WordPress are getting hacked often. A whole lot of ground is covered in this course.

Updates in this course

You might notice a few small topics being missed out. Web security is a big monster; that is why we have decided to roll out the course now, and in the meanwhile we will be updating it on a monthly basis. There will be no charge for extra lectures added, but the course price may increase at a later stage.

No coding experience, no prior knowledge; just start your journey as a WEB APPLICATION PENTESTER.

What are the requirements?

  • No coding required
  • Basic knowledge of website-related terminology
  • Kali Linux (available for free)
  • VMware Player / VirtualBox

What am I going to get from this course?

  • Perform a penetration test over web applications
  • Every insight into pentesting as an industry standard
  • Write a formal pentesting report
  • Earn by hunting bugs in web applications
  • Helpful for students pursuing a Master's or Ph.D. degree in Information Security

What is the target audience?

  • Information security researchers
  • Web developers
  • Start-ups
  • Students
  • Security auditors
  • Bug hunters

Curriculum

Section 1: The Ultimate world of Pentesting Jargons
06:43

Pentesting is the method of finding bugs and vulnerabilities in any web-based application. There are many types of pentesting, but in this course we will focus on web application pentesting.

05:19

To learn any new topic, the first barrier is new terms. Once we are comfortable with the new terminology, we can understand the rest of the course much better. Terms like vulnerability and exploitation are crucial to understanding web application pentesting.

03:21

According to the textbooks, pentesting is divided into levels based on the amount of knowledge the tester has. Black box testing is the level with no prior knowledge. In white box testing, the pentester has a great amount of knowledge from inside the company's team.

08:20

There are a few fundamental rules while doing pentesting: what is your target, and what kind of information do you need to gather for the client? Ask the client for the list of tools that are not allowed. Having this list will help to generate a nice report for the client.

05:17

Every pentester needs some tools under his belt. Most experienced pentesters like to have custom-designed or self-designed automation tools, but there are a few trusted and heavily used tools too. An ideal pentester should at least be aware of all such tools.

07:06

Just visiting the website and starting to hunt for XSS and SQL injection is not a professional way to handle pentesting for clients. Don't ever do that. There are a few definite steps that you need to follow. This video will help you understand the importance of those steps.

08:13

OWASP, the Open Web Application Security Project, is an initiative to make sure that all developers follow a guideline to secure their applications. OWASP has also listed some major vulnerabilities, which can be called common mistakes, due to which most applications are compromised.

01:23

This movie will talk about what we have done so far in the course. It will help to make sure that we are all on the same page.

Section 2: Set up of the Home Lab
06:47

Installation can be tricky for some users, as some of us are on Windows and some on Mac. This video will get all of us to the same page. Mac users can use Oracle VirtualBox and Windows users can use VMware Player to install Kali as a virtual operating system. Having an entirely separate machine as a pentest lab is not preferred at all.

03:30

Although, if you have already installed Kali Linux on a virtual machine, installing Windows is not a big deal, we still don't want to leave you with any kind of question. This movie will walk you through the installation of a Windows-based operating system in a virtual environment.

05:09

After installing Kali, the first thing you want to do is take a quick look at how this operating system looks. It is just a simple Debian-based system with a lot of pentesting tools preinstalled, which makes everything plug and play.

3 pages

This movie will talk about what we have done so far in the course. It will help to make sure that we are all on the same page.

Section 3: Lets learn reconnaissance
05:29

Having a target is great, but getting information about the target is not that easy. Every small piece of information, like an email address or a login page, is of very high importance. In pentesting, gathering information requires fixed steps, and there should also be a time limit for gathering information. You cannot dedicate endless time waiting for some information to pop up.

06:01

For any initial research about the target, Google is the best website to look at. But don't be narrow-minded: there are a lot of other websites like DuckDuckGo and Baidu. Make sure that you make use of all resources. If you are using Google, make sure you are aware of Google dorks for more precise results.

07:24

As we were talking about Google dorks, you should be aware of a few websites (discussed in the movie) so that you are always aware of important and updated Google dorks. We will also talk about Shodan, which is a unique search engine.

05:30

Many times, to analyze a website without triggering an alarm, we need to check a few links and related material. We can do that by taking an offline copy of the site. For this we can use HTTrack, which is available for Windows as well as Linux.

10:35

Zone transfer comprises a preamble followed by the actual data transfer. The preamble comprises a lookup of the Start of Authority (SOA) resource record for the "zone apex", the node of the DNS namespace that is at the top of the "zone". The fields of this SOA resource record, in particular the "serial number", determine whether the actual data transfer need occur at all.

06:02

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.

03:14

It is important to be aware of tools, but depending too much on tools is surely going to lead to future problems. A real pentester is never dependent on tools but is always looking to create new tools for future use.

3 pages

This movie will talk about what we have done so far in the course. It will help to make sure that we are all on the same page.

Section 4: Step by Step pentesting guide by OWASP
03:30

This entire section is dedicated to OWASP. It is easy to understand how tools work but tough to have a guideline on when to use which tool. This section will take you through a step-by-step process of analyzing each phase of an application.

08:53

There are several different vendors and versions of web servers on the market today. Knowing the type of web server that is being tested significantly helps in the testing process and can also change the course of the test. Please note that it usually takes several different commands to accurately identify the web server, as different versions may react similarly to the same command.

05:14

Code review is probably the single-most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort.

05:36

A Web crawler is an Internet bot that systematically browses the World Wide Web, typically for the purpose of Web indexing. A Web crawler may also be called a Web spider, an ant, an automatic indexer, or (in the FOAF software context) a Web scutter.

Web search engines and some other sites use Web crawling or spidering software to update their web content or indexes of others sites' web content.

06:30

A filename extension is a suffix (separated from the base filename by a dot or space) to the name of a computer file applied to indicate the encoding (file format) of its contents or usage. Examples of filename extensions are .png, .jpeg, .exe, .dmg and .txt.

05:03

The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers.

HTTP works as a request-response protocol between a client and server.

A web browser may be the client, and an application on a computer that hosts a web site may be the server.

Example: A client (browser) submits an HTTP request to the server; then the server returns a response to the client. The response contains status information about the request and may also contain the requested content.

04:02

Identity management (IdM) describes the management of individual principals, their authentication, authorization, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.

The terms "Identity Management" and "Identity and Access Management" (or IAM) are used interchangeably in the area of identity access management, while identity management itself falls under the umbrella of IT security.

04:00

When we design a new application, developers usually create some test accounts and at a later point forget to remove them. Make sure that every test account is disabled. Also look for credentials in the code comments; usually the password of the account is lying there.

07:35

Credentials in cryptography establish the identity of a party to communication. Usually they take the form of machine-readable cryptographic keys and/or passwords. Cryptographic credentials may be self-issued, or issued by a trusted third party; in many cases the only criterion for issuance is unambiguous association of the credential with a specific, real individual or other entity.

07:44

While most applications require authentication to gain access to private information or to execute tasks, not every authentication method is able to provide adequate security. Negligence, ignorance, or simple understatement of security threats often result in authentication schemes that can be bypassed by simply skipping the log in page and directly calling an internal page that is supposed to be accessed only after authentication has been performed.

04:35

A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. The password policy may either be advisory or mandated by technical means. Some governments have national authentication frameworks that define requirements for user authentication to government services, including requirements for passwords.

04:21

A security question is used as an authenticator by banks, cable companies and wireless providers as an extra security layer. Due to the commonplace nature of social media, many of the older traditional security questions are no longer useful or secure. It is important to remember that a security question is just another password.

06:58

File inclusion vulnerability is a type of vulnerability most often found on websites. It allows an attacker to include a file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file or more serious events such as:

  1. Code execution on the web server
  2. Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS)
  3. Denial of service (DoS)
  4. Data theft/manipulation

03:25

Applications frequently use the actual name or key of an object when generating web pages. Applications don't always verify the user is authorized for the target object. This results in an insecure direct object reference flaw. Testers can easily manipulate parameter values to detect such flaws. Code analysis quickly shows whether authorization is properly verified.
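An added example (not from the course) of the flaw described above and the ownership check that removes it, using a constructed in-memory invoice store; `authorization_enforced` is a hypothetical regression check a code reviewer can keep in the test suite:

```python
from dataclasses import dataclass


@dataclass
class Invoice:
    invoice_id: int
    owner: str
    amount: int


# Constructed data store keyed by the object's actual id, the pattern the
# lecture describes (sequential ids a user can see in a URL parameter).
INVOICES = {
    1001: Invoice(1001, "alice", 120),
    1002: Invoice(1002, "bob", 75),
    1003: Invoice(1003, "alice", 300),
}


class NotFound(Exception):
    """Raised for both missing and foreign objects (see get_invoice_secure)."""


def get_invoice_insecure(current_user: str, invoice_id: int) -> Invoice:
    # Insecure direct object reference: the handler trusts the id from the
    # request and never checks that current_user owns the object.
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound(invoice_id)
    return inv


def get_invoice_secure(current_user: str, invoice_id: int) -> Invoice:
    # Fixed: the ownership check is part of the lookup itself. Missing and
    # foreign objects raise the same error so the response does not reveal
    # which ids exist.
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != current_user:
        raise NotFound(invoice_id)
    return inv


def authorization_enforced(handler) -> bool:
    """Hypothetical regression check: a user must be able to read their own
    object and must be denied another user's. True only if both hold."""
    try:
        own = handler("bob", 1002)
    except NotFound:
        return False
    if own.owner != "bob":
        return False
    try:
        handler("bob", 1001)  # alice's invoice, must be refused
    except NotFound:
        return True
    return False


if __name__ == "__main__":
    print("insecure handler passes check:", authorization_enforced(get_invoice_insecure))
    print("secure handler passes check:", authorization_enforced(get_invoice_secure))
```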

06:44

In computer science, in particular networking, a session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user (see Login session). A session is set up or established at a certain point in time, and then torn down at some later point. An established communication session may involve more than one message in each direction. A session is typically, but not always, stateful, meaning that at least one of the communicating parts needs to save information about the session history in order to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses.

04:43

Most client-server sessions are maintained by the transport layer - a single connection for a single session. However each transaction phase of a Web/HTTP session creates a separate connection. Maintaining session continuity between phases required a session ID. The session ID is embedded within the <A HREF> or <FORM> links of dynamic web pages so that it is passed back to the CGI. CGI then uses the session ID to ensure session continuity between transaction phases. One advantage of one connection-per-phase is that it works well over low bandwidth (modem) connections. Deity used a sessionID, screenID and actionID to simplify the design of multiple phase sessions.

03:47

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

02:20

A login, logon or sign-in refers to the credentials required to obtain access to a computer system or other restricted area. Logging in or on and signing in or on is the process by which individual access to a computer system is controlled by identifying and authenticating the user through the credentials presented by the user.

Once a user has logged in, they can then log out or log off when access is no longer needed. To log out is to close off one's access to a computer system after having previously logged in.

08:09

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

3 pages

This movie will talk about what we have done so far in the course. It will help to make sure that we are all on the same page.

Section 5: Automation tools for pentesting
06:13

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.

Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that it proposes innovative IDS evasion functionalities aimed at making correlation between request more complicated (e.g. use a different random per request HTTP proxy server).

06:18

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

09:32

WebSploit Advanced MITM Framework

  • Autopwn - Used From Metasploit For Scan and Exploit Target Service
  • wmap - Scan,Crawler Target Used From Metasploit wmap plugin
  • format infector - inject reverse & bind payload into file format
  • phpmyadmin Scanner
  • CloudFlare resolver
  • LFI Bypasser
  • Apache Users Scanner
  • Dir Bruter
  • admin finder
  • MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
  • MITM - Man In The Middle Attack
  • Java Applet Attack
  • MFOD Attack Vector
  • ARP Dos Attack
  • Web Killer Attack
  • Fake Update Attack
  • Fake Access point Attack
  • Wifi Honeypot
  • Wifi Jammer
  • Wifi Dos
  • Wifi Mass De-Authentication Attack
  • Bluetooth POD Attack

04:15

In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys or passwords until the correct one is found. In the worst case, this would involve traversing the entire search space.

08:01

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.

Section 6: Documenting the Pentesting report
06:14

Security is not at all a top priority

Too much vs. too little

100$-200$ per hour; APP: 2000$-3000$

We will also talk about standards for audit reports

05:13

Steps:

  1. Approach and meeting
  2. Presentation on the importance of security
  3. Signing the confidentiality statement
  4. <Steps mention in course>
  5. Project review
  6. Rough draft for scanning and vulnerabilities
  7. Review and final draft
  8. Remedies

10:44

In this movie we will create a formal report. While creating a formal report, we should take care about the format. A detailed format is given in this movie that will help you prepare a good report.

Section 7: Web app pentesting project 1
07:09

In this movie we will install a deliberately vulnerable machine for testing purposes. Make sure that you are not connected to the internet while running this machine, as it is vulnerable and any other attacker may get into your system. All resources are available for free.

08:01

When password guessing, this method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used because of the time a brute-force search takes.

When key guessing, the key length used in the cipher determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones.

04:21

Arbitrary code execution is used to describe an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process. It is commonly used in "arbitrary code execution vulnerability" to describe a software bug that gives an attacker a way to execute arbitrary code. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. Most of these vulnerabilities allow the execution of machine code and most exploits therefore inject and execute shellcode to give an attacker an easy way to manually run arbitrary commands. The ability to trigger arbitrary code execution from one machine on another (especially via a wide-area network such as the Internet) is often referred to as remote code execution.

07:13

The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to have been authenticated. For example, one user, Alice, might be browsing a chat forum where another user, Mallory, has posted a message.

02:58

File inclusion vulnerability is a type of vulnerability most often found on websites. It allows an attacker to include a file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file

04:07

With most development platforms, parameterized statements that work with parameters can be used (sometimes called placeholders or bind variables) instead of embedding user input in the statement. A placeholder can only store a value of the given type and not an arbitrary SQL fragment. Hence the SQL injection would simply be treated as a strange (and probably invalid) parameter value.

In many cases, the SQL statement is fixed, and each parameter is a scalar, not a table. The user input is then assigned (bound) to a parameter.

04:35

Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated "cyber protesters" or hacktivists.

Section 8: Web app pentesting project 2
05:31

Let's practice on a more detailed platform than the last one. WebGoat is currently a very broad application for practicing vulnerabilities. You can download the 7zip version of the application; if you want another file type, the installation steps will vary a little.

Section 9: Summary
01:11

Writing an end to this course is not at all possible. We will be adding more videos in this course on monthly basis so that you can get updates on modern attack vectors.

5 questions

This will only ask simple questions so that we can make sure everyone is on the same track and watching the lectures with full concentration.

Instructor Biography

Igneus Technologies, Best Comprehensive Courses

We at Igneus have trained students from IITs, NITs and reputed companies. Students from all over the globe, from 10+ countries, have trusted our high-quality and affordable training and have opted for our certification programs.

IGNEUS stands for the revolutionary, quality-enhanced change that we have tried to bring to the modern world of Internet education. We have come up with it bearing in mind the maximum emphasis on quality in dealing with every new technology, which has distinguished us from the throng on the internet. And this revolution of choice will keep continuing. Today IGNEUS Technologies proudly holds the tag of being the world's most trusted provider of a myriad of services and training programs, aiding constantly in every corner of the globe, along with web security aspects and open source technology.

IGNEUS Technologies Pvt. Ltd is a dream shared and brought up by two computer geniuses to make the society upgraded and aware of the cyber crimes that curb the innocence of environment, thus starting a revolution in favor of cyber security.

Igneus stands for the Revolutionary and a quality enhanced change in every aspect of its touch to internet. Quality dealing with every new technology makes us different from the crowd of internet. The revolution of choice continues. Today Igneus Technologies is the world's most trusted provider of mentioned services and training along with web security aspects, and open source technology.
