Web App Penetration Testing
What you'll learn
- Setting up a web app pentesting lab
- Burp Suite
- Account enumeration and guessable accounts
- weak lock-out mechanisms
- Bypassing authentication schemes
- Browser cache weaknesses
- Account provisioning process via REST API
- Directory traversal - LFI, RFI
- Privilege escalation & IDOR
- Session token strength using Sequencer
- Cookie attributes
- Session fixation
- Exposed session variables & CSRF
- Business logic data validation
- Unrestricted file upload – bypassing weak validation
- Performing process-timing attacks
- Testing for the circumvention of workflows
- Uploading malicious files – polyglots
- Reflected cross-site scripting & Stored cross-site scripting
- HTTP verb tampering & HTTP Parameter Pollution
- SQL injection
- Command injection
Requirements
- Basic Networking
- Basic Web Fundamentals
Description
This course is for Absolute Beginners to Expert levels and Freshers out of College who want to start career with Web Security.
This course is for Absolute Beginners to Expert levels. A variety of applications with known Web Security vulnerabilities and Web App Penetration Testing.
Setting up a web app pentesting lab
Burp Suite
Testing for account enumeration and guessable accounts
Weak lock-out mechanisms
Testing for bypassing authentication schemes
Browser cache weaknesses
Testing the account provisioning process via REST API
Testing for directory traversal
Local File Include (LFI)
Remote File Include (RFI)
Testing for privilege escalation
IDOR
Testing session token strength using Sequencer
Testing for cookie attributes
Testing for session fixation
Exposed session variables
Cross-Site Request Forgery
Testing business logic data validation
Unrestricted file upload – bypassing weak validation
Performing process-timing attacks
Testing for the circumvention of workflows
Uploading malicious files – polyglots
Reflected cross-site scripting
Stored cross-site scripting
Testing for HTTP verb tampering
HTTP Parameter Pollution
Testing for SQL injection
Command injection
Web App Penetration Testing - Home LAB.
1 - How To Setup A Virtual Penetration Testing Lab
2 - Listening for HTTP traffic, using Burp
3 - Getting to Know the Burp Suite of Tools, Know the Burp Suite
4 - Assessing Authentication Schemes
5 - Assessing Authorization Checks
6 - Assessing Session Management Mechanisms
7 - Assessing Business Logic
8 - Evaluating Input Validation Checks
Above mentioned points will cover in this course which is help you to find Web Security Vulnerabilities and Web App Penetration testing
Who this course is for:
- Penetration Testing
- Web App Penetration Testing
- Web Securtiy
- Ethical Hacking
- Bug Hunter
- Bug Bounty
- Web Pentesting Lab
Instructor
- 3.9 Instructor Rating
- 85 Reviews
- 8,710 Students
- 7 Courses
I Have been in the IT & Security Industry for close to 11 years now.
Certification achieved: Certified Ethical Hacker (CEHv10) | F5 -101 Application Delivery Fundamentals | Fortinet Network Security Expert Level 1 to 3: Certified Associate | Certified SOPHOS Firewall Engineer | | Ruckus Wise Level 1 | CCNA | Thycotic- Privileged password security | TrendMicro Deep Security | Palo Alto PCNSE
Alongside got certified expertise on Next-Generation Firewall | Endpoint Protection | IPS | DLP | Encryption | WAF | LTM
Product knowledge include multi OEMs Firewall, IPS, SSL Visibility, Network Security and Endpoint Security & Ransomware attack Investigations.
Delivered multiple Security Deployments across clients: Enterprise and Government sector.
Currently, I am trying to share some of my knowledge by means of Online Teaching via Udemy.