
Learn web application penetration testing from %00

Learn to methodically exploit web application vulnerabilities
Rating: 4.2 out of 5 (100 ratings)
623 students
Created by Adriano Gattabuia
Last updated 6/2018
Italian

What you'll learn

  • You will be able to carry out a web penetration test from start to finish
  • You will be able to identify and exploit the vulnerabilities present in web applications and web servers

Requirements

  • A computer fast enough to run both Kali and the vulnerable virtual machine at the same time. An i5 and 8 GB of RAM are recommended
  • Basic knowledge of web technologies such as SQL, HTML, JavaScript and PHP
  • Basic knowledge of the HTTP protocol
  • Basic knowledge of Linux and the bash command line

Description

In this ethical hacking course you will learn how to exploit the vulnerabilities found in web applications and web servers by following the OWASP testing guide, which companies around the world use to perform penetration tests against web applications.

A vulnerable virtual machine called Web Sec Target Practice is provided with the course for demonstration purposes.

We will mainly use the community edition of Burp Suite and other open-source tools included in Kali to test the server infrastructure, attack authentication forms, tamper with header attributes, and perform command injection, XSS, SQL injection and other injection variants. We will also develop a buffer overflow from start to finish.

Who this course is for:

  • Anyone interested in learning how to perform a web penetration test

Course content

8 sections • 23 lectures • 3h 35m total length

  • Preview 05:03
  • Preview 10:49

  • Information gathering, information leakage, enumeration
    09:43
  • Fingerprinting and mapping the application architecture
    09:00
  • Testing the infrastructure and network configuration
    12:39
  • Sensitive information in error codes and stack traces
    05:56

  • Testing identity management
    07:48
  • Testing authentication mechanisms
    15:33
  • Testing authorization mechanisms
    11:34

  • Bypassing the session management schema, cookie attributes
    05:49
  • Testing for Session Fixation and Cross Site Request Forgery (CSRF)
    09:30

  • Cross-Site Scripting
    07:23
  • SQL, ORM, XPath and IMAP/SMTP injection
    13:46
  • LDAP, XML and SOAP injection
    11:15
  • Preview 06:46
  • Testing HTTP verb tampering, parameter pollution/splitting
    09:45
  • Testing for Buffer Overflows
    20:35

  • Weak SSL/TLS ciphers and weak cryptography
    03:19
  • Testing for the Padding Oracle vulnerability
    04:04
  • Testing business logic and application abuse
    09:11
  • Testing the upload of infected files
    13:18

  • DOM-based XSS, HTML injection and Clickjacking
    09:07

  • Other resources
    03:32

Instructor

Adriano Gattabuia
Security engineer, software developer
  • 4.1 Instructor Rating
  • 443 Reviews
  • 11,430 Students
  • 16 Courses

I've been studying for a lifetime and have been working as both a software developer and a penetration tester for the past six years.

I started teaching through the Prime Radiant Security project at the start of 2018.

I have devoured tons of video courses and books in my life; I'm here to share an extension of the knowledge born out of real-life problems I have managed to solve, in the most efficient way possible.

I believe that theory and practice should be carefully balanced in order to avoid further research to understand specific subjects on one hand and to avoid boredom or frustration on the other.
