
This is the first video of our "Common Web Vulnerabilities and How to exploit them" course. In this video we will see what you will get out of this course and for whom this course is suitable for.
As this course's main focus is web application penetration testing, we will review what that is.
In this lecture, we will be learning about different components of a web application and how everything is put together.
In this lecture, we will understand how the HTTP protocol works and what HTTPS is.
In this lecture, we will go over client-side and server-side technologies. We will also dig into REST APIs.
In this lecture, we will explore why building a lab environment is beneficial. Furthermore we will get to know the architecture of our lab environment.
In this lecture, we will download and import Kali Linux into Virtualbox. Furthermore, we will create a NAT Network for our lab environment. Finally, we will configure Kali Linux.
In this lecture, we will install and configure OWASP Juice Shop with Docker on Kali Linux.
In this lecture, we will install and configure Damn Vulnerable Web App (DVWA) with Docker on Kali Linux. We will also have a brief look into the application.
In this lecture, we will learn about Insecure Direct Object References (IDORs), how to find and exploit them, and how to protect against them.
In this lecture, we will learn about Stored, Reflected, and DOM-based XSS, as well as how to prevent it. We will also exploit the vulnerabilities in OWASP Juice Shop and DVWA.
In this lecture, we will learn about SQL Injection and exploit it in OWASP Juice Shop.
In this lecture, we will learn about local file inclusion vulnerabilities and how to exploit them in DVWA.
In this lecture, we will learn about command injection and how to prevent it. Furthermore, we will exploit a command injection flaw in DVWA.
In this lecture, we will learn about open redirect vulnerabilities, how to prevent them, and how to exploit them in DVWA.
In this lecture, we will go over a vulnerability called Cross-Site-Request-Forgery. After understanding what a CSRF vulnerability is, we will exploit one in the DVWA. Finally, we will learn how to prevent CSRF vulnerabilities.
This lecture will inspect unrestricted file upload vulnerabilities and how they arise. We will also exploit a file upload vulnerability in DVWA and bypass a simple filter. Furthermore, we will learn how to prevent file upload vulnerabilities.
This is the last video of this course and we will discuss what we have learned and where to go from here.
Companies are relying on web applications to promote their business and services. These web applications are often very complex and yield a high attack service. Often these web applications are accessible from the internet. Additionally, these web applications are handling sensitive data, which will seriously harm a company's reputation if leaked. Even though given these facts, many web applications are still poorly secured. It was never easier for attackers to hack confidential company data and seriously harm a business.
Therefore there is a high need for cyber security professionals that protect these web applications from malicious attackers. To be proficient in web application security, a student needs to know the fundamentals of the web, before diving into web application vulnerabilities. Also, a student needs to practice their skills in a dedicated lab.
This course goes over common web application vulnerabilities and how to exploit them. In this course you will learn about:
Web Application Penetration Testing
Web Application Technologies
Building a dedicated web application penetration testing lab
Common web vulnerabilities, why they occur, how to exploit them, and how to remediate them
Exploiting vulnerabilities with Kali Linux and Burp Suite
What to learn next
This course is suited for beginners in cyber security who want to make their first learning steps toward web application security.