Learn web application penetration testing from %00

Name: Learn web application penetration testing from %00
Rating: 4.3 (17 reviews)

Learn to exploit web application vulnerabilities methodically

Created byAdriano Gattabuia

Last updated 6/2018

English

What you'll learn

You will be able to perform a web penetration testing engagement from start to finish
You will be able to discover and exploit web application vulnerabilities

Course content

8 sections • 23 lectures • 3h 38m total length

Introduction4:41
Setting up the environment, Burp Suite configuration10:49

Reconnaissance, information leakage, enumeration9:44
Fingerprinting and mapping the application architecture9:38
Identify entry points by fingerprinting and mapping the application's architecture by spidering pages and requests to reveal the attack surface, and inspect installed web frameworks and external libraries for vulnerabilities.
Test the network/infrastructure configuration12:59
Stack traces and error codes information leakage5:59

Weak SSL/TLS ciphers, weak encryption3:19
Enforce ssl/tls in transit, prevent downgrade to weak ciphers like rc4 or des, secure cookies with the secure flag, and guard against beast and crime vulnerabilities.
Testing for Padding Oracle4:14
Testing business logic data validation, testing against application mis-use9:24
Learn to test business logic and data validation by simulating mis-use, tampering with requests, and timing flaws to assess server-side controls and workflow integrity.
Testing the upload of malicious files13:19
Learn how to test file uploads for allowed types and detect server-side validation gaps that could enable remote access, using high-level pen-testing concepts and tools.

Requirements

A fairly powerful PC to handle the Kali and the vulnerable virtual machine concurrently, 8 GB of RAM is recommended, a i5 processor
Knowledge of web technologies like SQL, HTML, JavaScript, PHP
Knowledge of the HTTP protocol
Knowledge of Linux, the bash command line
Dedication, patience and persistence

Description

In this ethical hacking course you'll learn how to exploit the vulnerabilities found in web applications and web servers following the OWASP Testing Guide framework, used by companies all over the world to perform web penetration testing engagements.

A vulnerable virtual machine, Web Sec Target Practice, is provided with the course for you to practice the various phases of the penetration testing assessment.

We'll predominantly use the Burp Suite Community edition and open source Kali tools throughout the entire course to test the infrastructure of the web server, brute force authentication forms, tamper with header attributes, perform XSS, SQL, command injections and other injection variants. We'll also develop a buffer overflow exploit step by step.

Who this course is for:

Anyone interested in learning web application penetration testing

Learn web application penetration testing from %00

What you'll learn

Explore related topics

Course content

Course introduction2 lectures • 16min

Information gathering, error handling & configuration testing4 lectures • 38min

Authentication & authorization testing3 lectures • 35min

Session management testing2 lectures • 16min

Input validation testing: XSS, SQLi, command injection6 lectures • 1hr 10min

Weak cryptography & business logic testing4 lectures • 30min

Client side testing1 lecture • 9min

Course end1 lecture • 4min

Requirements

Description

Who this course is for: