Complete Web Application Hacking & Penetration Testing
4.3 (244 ratings)
2,146 students enrolled

Learn web application hacking, website hacking and penetration testing with my ethical hacking course and become a hacker
Created by Muharrem AYDIN
Last updated 4/2020
English
English [Auto-generated]
This course includes
  • 9 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Advanced Web Application Penetration Testing
  • Terms, standards, services, protocols and technologies
  • Setting up Virtual Lab Environment
  • Software and Hardware Requirements
  • Modern Web Applications
  • Web Application Architectures
  • Web Application Hosting
  • Web Application Attack Surfaces
  • Web Application Defenses
  • Core technologies
  • Web Application Proxies
  • Whois Lookup
  • DNS Information
  • Subdomains
  • Discovering Web applications on the Same Server
  • Web Crawling and Spidering - Directory Structure
  • Authentication Testing
  • Brute Force and Dictionary Attacks
  • Cracking Passwords
  • CAPTCHA
  • Identifying Hosts or Subdomains Using DNS
  • Authorization Testing
  • Session Management Testing
  • Input Validation Testing
  • Testing for Weak Cryptography
  • Client Side Testing
  • Browser Security Headers
  • Using Known Vulnerable Components
  • Bypassing Cross Origin Resource Sharing
  • XML External Entity Attack
  • Attacking Unrestricted File Upload Mechanisms
  • Server-Side Request Forgery
  • Creating a Password List: Crunch
  • Attacking Insecure Login Mechanisms
  • Attacking Improper Password Recovery Mechanisms
  • Attacking Insecure CAPTCHA Implementations
  • Inband SQL Injection over a Search Form
  • Inband SQL Injection over a Select Form
  • Time Based Blind SQL Injection
Requirements
  • A computer with internet connection
  • Operating System: Windows / OS X / Linux
  • 6 GB ram/memory
  • Be familiar with web sites and general technology. That's all!
Description

Hello,

Welcome to my Complete Web Application Hacking & Penetration Testing course.

Web Applications run the world. From social media to business applications almost every organization has a web application and does business online. So, we see a wide range of applications being delivered every day.

In this course, you will learn how to use black hat hacker tools and follow their ways to compromise Web Applications. 

This course will take you from beginner to advanced level. You will learn Web Application Hacking & Penetration Testing step-by-step with hands-on demonstrations.

We are going to start by figuring out what security issues are currently in the field and learn testing methodologies and types. Then we are going to build a lab environment for you to apply what you get from the course, and of course, the lab is going to cost you nothing. Then we are going to start with some theory; you should have the philosophy so we can always stay on the same page.

Basic web and internet technologies such as HTML, HTTP, Document Object Model and so on are absolutely needed to complete the testing experience. Then we are going to cover the reconnaissance section: we will gather information about the target and learn how to use that information to model an attack. After that, we will tackle the user management issues. Apart from that, we will also try to expose the session management problems.

In the input validation section, we are going to show why data validation is absolutely important for web applications. We are going to examine a whole bunch of different types of attacks, such as Cross-Site Scripting, SQL Injection and many more. We also have a cryptography section with some basic attacks. After that, we will discuss some known web application attacks (such as Drupal SQL injection, aka Drupageddon).

At the end of the course, you will learn:

  • Testing Methodologies and Types,

  • Basic Web and Internet Technologies such as HTML, HTTP, Document Object Model and so on,

  • To Gather Information About the Target and Use This Information to Model an Attack.

  • User Management Issues.

  • Exposing The Session Management Problems.

  • Data Validation

  • Attacks such as Cross-Site Scripting, SQL Injection and many more

  • Some Basic Attacks in Cryptography

  • Web Application Attacks Such As Drupal SQL injection (aka Drupageddon)

  • And More to Enrich Your Penetration Testing Skills.

Video and Audio Production Quality

All our videos are created/produced as high-quality video and audio to provide you the best learning experience.

You will be,

  • Seeing clearly

  • Hearing clearly

  • Moving through the course without distractions

You'll also get:

✔ Lifetime Access to The Course

✔ Fast & Friendly Support in the Q&A section

✔ Udemy Certificate of Completion Ready for Download

Dive in now!

We offer full support, answering any questions.

See you in the course!

IMPORTANT: This course is created for educational purposes and all the information learned should be used when the attacker is authorized.



Who this course is for:
  • Anybody who is interested in learning web application hacking
  • Anybody who is interested in learning penetration testing
  • Anybody who wants to become a penetration tester
  • Anybody who wants to learn how hackers hack web applications and websites
  • Anyone who is developing for the web, so that they can create secure web applications
Course content
83 lectures 08:48:47
+ Welcome to Advanced Web Application Penetration Testing
6 lectures 36:09
Current Issues of Web Security
08:52
Principles of Testing
05:28
Types of Security Testing
09:43
Guidelines for Application Security
05:57
Laws and Ethics
02:52
+ Setting Up Virtual Lab Environment
5 lectures 37:30
Requirements and Overview of Lab
03:54
Installing VMware Workstation Player
07:32
Installing Kali Linux
10:44
Installing Vulnerable Virtual Machine: BeeBox
08:03
Connectivity and Snapshots
07:17
+ Modern Web Applications
16 lectures 01:26:40
Modern Technology Stack
03:05
Client-Server Architecture
03:54
Running a Web Application
02:17
Core Technologies: Web Browsers
09:47
Core Technologies: URL
03:05
Core Technologies: HTML
04:37
Core Technologies: CSS
02:18
Core Technologies: DOM
04:07
Core Technologies: JavaScript
03:26
Core Technologies: HTTP
16:43
Core Technologies: HTTPS and Digital Certificates
06:33
Core Technologies: Session State and Cookies
03:34
Attack Surfaces
02:33
Introduction to Burp: Downloading, Installing and Running
07:53
Introduction to Burp: Capturing HTTPS Traffic
03:11
+ Reconnaissance and Discovery
9 lectures 45:47
Intro to Reconnaissance
03:31
Extract Domain Registration Information: Whois
04:19
Identifying Hosts or Subdomains Using DNS: Fierce & Theharvester
06:07
Detect Applications on The Same Service
01:09
Ports and Services on The Web Server
08:44
Review Technology/Architecture Information
04:36
Minimum Information Principle
02:55
+ Authentication and Authorization Testing
12 lectures 01:13:11
Definition
02:37
Creating a Password List: Crunch
07:31
Attacking Insecure Login Mechanisms
09:12
Attacking Insecure Logout Mechanisms
04:50
Attacking Improper Password Recovery Mechanisms
05:50
Attacking Insecure CAPTCHA Implementations
08:39
Path Traversal: Directory
06:43
Introduction to File Inclusion Vulnerabilities
06:23
Local File Inclusion Vulnerabilities
06:11
Remote File Inclusion Vulnerabilities
05:51
+ Session Management Testing
6 lectures 33:44
Http Only Cookies
07:15
Secure Cookies
03:48
Session ID Related Issues
01:57
Introduction Cross-Site Request Forgery
07:08
Stealing and Bypassing AntiCSRF Tokens
07:59
+ Input Validation Testing
19 lectures 02:31:13
Definition
03:02
Reflected Cross-Site Scripting Attacks
09:42
Reflected Cross-Site Scripting over JSON
06:24
Stored Cross-Site Scripting Attacks
09:56
DOM Based Cross-Site Scripting Attacks
10:04
Inband SQL Injection over a Search Form
14:24
Inband SQL Injection over a Select Form
08:22
SQL Injection over Insert Statement
07:07
Boolean Based Blind SQL Injection
06:53
Time Based Blind SQL Injection
05:34
Detecting and Exploiting SQL Injection with SQLmap
11:30
Detecting and Exploiting Error Based SQL Injection with SQLmap
05:10
Detecting and Exploiting Boolean and Time Based Blind SQL Injection with SQLmap
08:02
Command Injection Introduction
05:35
Automate Command Injection Attacks: Commix
05:43
XML/XPATH Injection
14:07
SMTP Mail Header Injection
06:51
PHP Code Injection
06:00
+ Testing Cryptography
2 lectures 11:27
Attacking HTML5 Insecure Local Storage
04:58
+ Using Known Vulnerable Components
4 lectures 22:20
Drupal SQL Injection: Drupageddon (CVE-2014-3704)
07:49
SQLite Manager: File Inclusion (CVE-2007-1232)
04:52
SQLite Manager: PHP Remote Code Injection
02:55
SQLite Manager: XSS (CVE-2012-5105)
06:44
+ Other Attacks
4 lectures 30:46
Bypassing Cross Origin Resource Sharing
09:04
XML External Entity Attack
08:02
Attacking Unrestricted File Upload Mechanisms
07:05
Server-Side Request Forgery
06:35