Web application Penetration testing & Security -Bug Hunting!
3.7 (179 ratings)
1,342 students enrolled

Hunting bugs in Web applications from security perspective - Web application security tester - Beginner to Advanced
Created by Atul Tiwari
Last updated 2/2019
Language: English (English [Auto] captions)
This course includes
  • 9 hours on-demand video
  • 13 articles
  • 15 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Assess web application insecurities
  • Audit for the OWASP Top 10
  • Penetrate web applications
  • Perform web security audits
  • Perform bug hunting
  • Use advanced Burp Suite features
  • Analyse web applications with Burp Suite
  • Be a web app hacker!
Requirements
  • Basic knowledge of JavaScript and HTML
Description

This is a highly practical, hands-on training course in web application penetration testing that covers how to attack and secure against the OWASP Top 10 vulnerabilities.

It combines advanced techniques used by offensive security practitioners to both exploit and secure web applications.

[+] Course at a glance

  • The course starts with the core terminology of web technologies, such as HTTP cookies, CORS and the same-origin policy, and ends with a collection of further resources.
  • Once you have sufficient insight into web technologies, the second module covers mapping an application for insecurities, using various tools and tricks and making heavy use of the intercepting proxy Burp Suite.
  • The remainder focuses on serious vulnerabilities such as SQL injection, cross-site scripting, cross-site request forgery, XML External Entity (XXE) attacks, remote command execution, identifying load balancers, Metasploit for web applications, advanced phishing attacks through XSS and more.

[+] Training Methodology

Every lesson starts with finding and hunting for a vulnerability by considering how developers build and secure the web application during development. Once we have a clear picture of how the development phase relates to security, we hunt for application business logic to attack. This is where most penetration testers fail at their own game.

"If I need to chop down a tree in six hours, I will use four hours to sharpen my axe and the remaining 2 hours to cut the tree."

The same strategy is followed in this course: we start by getting to know the web application, analysing it and observing how it behaves.

This course has been adapted from our work experience at Gray Hat Security.

[+] Course materials

  • Offline access to PDF slides
  • 8+ hours of video lessons
  • Self-paced HTML/Flash
  • Access from PC, tablets and smartphones
  • 400+ PDF slides


Who this course is for:
  • General security practitioners or Ethical hackers, security experts
  • Penetration testers, Web administrators
  • Database administrators
  • Web application developers, Website designers and architects
  • Ethical hackers
  • Cyber security enthusiasts
  • Network security enthusiasts
  • Data security enthusiasts
  • Web server hackers
  • Exploit writers
  • Secure coders
  • Administrators
  • Network administrators
  • Bug bounty hunters
Course content
63 lectures, 09:20:28 total

+ WEB APPLICATION TECHNOLOGIES 101 (10 lectures, 55:38)
  • HTTP Protocol basics (10:48)
  • Same Origin Policy - SOP (06:18)
  • HTTP Cookies (10:59)
  • Cross-Origin Resource Sharing - CORS (04:53)
  • Web application proxy (09:10)
  • Web application architecture - PDF (00:04)
  • HTTP State Management Mechanism - RFC 6265 (00:07)
  • DNSSEC - RFC 3008 (00:04)
  • Domain names concepts - RFC 1034 (00:06)
+ MAPPING THE APPLICATIONS (10 lectures, 01:14:42)
  • Fingerprinting web servers (05:25)
  • DNS Analysis - Enumerating subdomains (03:53)
  • Web technologies analysis in real time (02:45)
  • Outdated web application to server takeover (07:35)
  • Brute-forcing web applications (05:57)
  • Shodan HQ (07:11)
  • Harvesting the data (05:02)
  • Finding links of target with Maltego CE (08:41)
  • Finding target details and documents - by open source (16:07)
+ CROSS-SITE SCRIPTING ATTACKS - XSS (14 lectures, 02:19:34)
  • Cross Site Scripting - XSS - PDF (00:04)
  • Cross site scripting 101 (07:26)
  • Reflected XSS (13:43)
  • Persistent XSS (11:05)
  • DOM-Based XSS (10:09)
  • Website defacement through XSS (09:22)
  • Generating XSS attack payloads (12:46)
  • XSS in PHP, ASP & JS code review (13:23)
  • Cookie stealing through XSS (12:23)
  • Advanced XSS phishing attacks (07:37)
  • Advanced XSS with BeEF attacks (09:34)
  • Advanced XSS attacks with Burp Suite (08:20)
    This lesson covers the Burp Intruder module itself and all four of its attack types.
  • Advanced Burp Intruder attacks (23:14)
  • Codes for XSS phishing, cookie stealing and GUIDES (00:28)
+ SQL INJECTION ATTACKS - EXPLOITATIONS (8 lectures, 01:44:23)
  • Introduction to SQL Injection (16:20)
  • Dangers of SQL Injections (04:47)
  • Hunting for SQL Injection vulnerabilities (19:53)
  • In-band SQL Injection attacks (26:32)
  • Blind SQL Injection attack in action (09:44)
  • Exploiting SQL injection - SQLMap (08:46)
  • Fuzzing for SQL Injection - Burp Intruder (13:41)
  • Drupalgeddon attacks resources (04:40)
+ CROSS SITE REQUEST FORGERY - XSRF (4 lectures, 39:01)
  • CSRF or XSRF attack methods (12:21)
  • Anti-CSRF Token methods (15:19)
  • Anti-CSRF token stealing - NOT easy (11:18)
  • CSRF Prevention cheat sheet (00:03)
+ AUTHENTICATION & AUTHORIZATION ATTACKS (3 lectures, 25:52)
  • Simple Authentication bypass - Hydra (11:02)
  • HTTP Verb Tampering (08:49)
  • HTTP parameter pollution - HPP (06:01)
+ CLIENT SIDE SECURITY TESTING (4 lectures, 26:40)
  • Client side control bypass (09:36)
  • Generating Click-jacking attack - Clickbandit (10:42)
  • WebSocket - RFC 6455 (00:03)
  • Cross-window messaging - Resource (06:18)
+ FILE RELATED VULNERABILITIES (4 lectures, 33:54)
  • LFI & RFI attacks (12:41)
  • Unrestricted file upload - content type (06:29)
  • Unrestricted file upload - extension type (05:30)
  • Remote code execution using shell uploads (09:14)
+ XML EXTERNAL ENTITY ATTACKS - XXE (3 lectures, 29:06)
  • XML Documents & database (13:38)
  • XXE attacks in action (13:52)
  • Out-of-Band XXE - OOB Resource (01:36)