Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Ethical Hacking Primer: From OWASP Top 10 to DVWA
Rating: 4.4 out of 5(147 ratings)
8,242 students

Ethical Hacking Primer: From OWASP Top 10 to DVWA

Going over the OWASP Top 10 theory and a hands-on lab for DVWA
Created byAlper Basaran
Last updated 6/2022
English

What you'll learn

  • An overview of the OWASP Top 10 Web Vulnerabilities List
  • Fundamental prevention methods against OWASP Top 10 vulnerabilities
  • Basic compnonents of the BurpSuite proxy
  • Bruteforce attacks
  • Command injection attacks
  • SQL injection attacks
  • XSS (Cross-Site Scripting) attacks

Course content

4 sections20 lectures51m total length
  • Introduction2:22

    Introduction to the course.

    Answering the important question of "who is this course for?"

  • Broken Access Control Vulnerabilities1:15

    Going over OWASP Top 10: A01 Broken Access Control vulnerabilities. Their impact and prevention methods.

  • Cryptographic Failures1:09

    Going over cryptographic failure vulnerabilities and ways to prevent them.

  • Injection Vulnerabilities1:14

    Discussing how Injection vulnerabilities occur and how they can be avoided.

  • Insecure Design1:31

    Going over insecure design vulnerabilities and how S-SDLC (Secure Software Development Lifecycle) and the "Shift Left" approach can help avoid these.

  • Security Misconfiguration0:37

    Discussing vulnerabilities arising from security misconfigurations and going over prevention methods.

  • Vulnerable and Outdated Components0:29

    Any component of the application can impact the overall security level. A vulnerability management program can help detect and mitigate these.

  • Identification and Authentication Failures0:32

    User identity is critical for most modern web applications. We will discuss ways to avoid these.

  • Software and Data Integrity Failures0:27

    CI/CD allows for a more efficient development lifecycle, however, it can also be the cause of vulnerabilities.

  • Security Logging and Monitoring Failures0:25

    Insufficient logging and monitoring is not a vulnerability in itself. Lack of logging can make life very hard for security teams once the application is deployed.

  • Server-Side Request Forgery (SSRF)0:31

    SSRF are vulnerabilities that may allow the attacker to reach internal systems that are otherwise protected.

Requirements

  • This is a primer, no previous experience is required.

Description

We will explore web application vulnerabilities, go over the OWASP Top 10 web vulnerabilities list and do some hands-on exercises on Damn vulnerable web application with the virtual machine provided.

This course is not a complete ethical hacking course, it is a primer. The goal of this course is to familiarize beginners to the OWASP Top 10 vulnerabilities, go over remediation methods and provide a lab environment where they can practice the newly acquired skills. High severity vulnerabilities such as SQL injection, Bruteforce attacks, Command Injection, XSS and CSRF will be exploited and the methodology to detect and exploit these vulnerabilities will be explained. 

This course would be ideal for anyone who is considering starting a training course on cyber security. If you have just signed up to platforms such as TryHackMe or HacktheBox, this course will also give a fundamental idea about vulnerabilities you may learn to exploit.

This course can also provide web developers with some ideas on building more secure software as we will discuss some aspects of the secure software development lifecycle.


I have provided you with a free virtual machine image you will be able to download, and build your own lab environment locally. So you can follow along with this course and keep practicing afterwards.

Who this course is for:

  • Beginners in cyber security, penetration tests and ethical hacking