
This course includes 7 lessons. The lessons cover the fundamental security principles of the modern web and a bug-finding strategy. It provides a comprehensive understanding of the most common attack tactics and countermeasures. The course shows real cases derived from pentesting practice and resources such as HackerOne and OWASP.
You will find out what requires attention when testing and implementing various functionalities in web applications, and what can happen when certain functions are used carelessly.
So let’s get started!
Openly accessible files and directories on an application server are one of the most widespread security issues, since an attacker can use them to reach confidential data. The consequences of such an attack depend on how the exposed contents can be misused.
This video shows how to complete a practice assignment called 'FirstTry', which is hosted on hacktory.ai. In this task, you will deal with a poorly protected bank website. Using tools such as Dirsearch and Dirb, you will obtain a user's personal data and illegitimate access to the website.
Command injection is one of the most common and dangerous vulnerabilities found in applications. It allows an attacker to execute arbitrary operating system commands on the server running the application and thereby compromise the application entirely.
Exploiting SQL injection gives an attacker control over the logic of an SQL query, enabling a variety of actions: reading data that was not meant to be accessible, causing a denial of service, executing arbitrary functions, in short, anything the database itself permits through SQL queries.
This video shows how to find a promo code for a 100% discount! Identify the database version and work with it.
This is a part of a practice assignment called '4F1ng3r D1sc0unt', which can be found and solved on hacktory.ai.
If everyone gets 100% off, any shop will soon close. To prevent its bankruptcy, we have to fix the vulnerability!
Cross-site request forgery is one of the simplest and most severe web vulnerabilities. To exploit it, an attacker forces a user's browser to send a request that performs an action on a resource where the user is authenticated. The vulnerability stems from how the HTTP protocol works: the browser attaches the user's credentials to such a request automatically.
You have to get likes for a post with the help of a CSRF vulnerability. To achieve this, register and examine the resource's functionality.
You can practice exploiting CSRF in the practice assignment 'Social Like' on hacktory.ai.
Make the functionality of getting likes safer again.
You can practice exploiting CSRF in the practice assignment 'Social DisLike' on hacktory.ai.
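The like endpoint from the two assignments above, shown as an added example that is not part of the course material: a handler that trusts the session cookie alone beside one that also requires a per-session synchronizer token. The session store, token names and status codes are assumptions; the browser sends the cookie with a cross-site form post, but a foreign page cannot read the token.

```python
import hmac
import secrets

# Constructed in-memory state standing in for the site's session store and
# like counter (assumed names, not the course's own code).
SESSIONS = {}  # session_id -> csrf_token issued to that session
LIKES = {}     # post_id -> like count


def login(username):
    """Create a session and a per-session CSRF token.

    The token is embedded in the site's own pages (e.g. a hidden form field);
    the session id is set as a cookie. Returns (session_id, csrf_token).
    """
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(32)
    return sid, SESSIONS[sid]


def like_post_vulnerable(cookie_sid, post_id):
    """Before the fix: the cookie is the only proof of intent.

    A form on an attacker-controlled page auto-submitted to this endpoint
    carries the victim's cookie, so the like is counted without consent.
    """
    if cookie_sid not in SESSIONS:
        return 401
    LIKES[post_id] = LIKES.get(post_id, 0) + 1
    return 200


def like_post_fixed(cookie_sid, post_id, form_token):
    """After the fix: the request must also carry the session's CSRF token.

    A cross-site page cannot read the token (same-origin policy), so a forged
    request arrives without it, or with a wrong one, and is rejected.
    """
    expected = SESSIONS.get(cookie_sid)
    if expected is None:
        return 401
    # Constant-time comparison so token checks do not leak timing information.
    if form_token is None or not hmac.compare_digest(expected, form_token):
        return 403
    LIKES[post_id] = LIKES.get(post_id, 0) + 1
    return 200
```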
Cross-site scripting is the most common modern web vulnerability. It belongs to the injection class and arises from insecure handling of user input. As a result, the adversary can execute JavaScript code in the victim's browser.
Test yourself in Hacktory's practice assignment 'CookieStealer', which checks your understanding of XSS. Catch the admin's cookies with JavaScript!
Let's try to fix XSS in the guest book and help a friend.
XML External Entity (XXE) is an attack on XML documents that abuses one of the features of XML parsers. Notably, this feature is documented behaviour, yet it can be turned against the application by an attacker.
You have to analyze a request to identify the format of the data being sent. From that, you will determine whether XXE vulnerabilities are possible and what their consequences would be.
This video illustrates a practice assignment called 'Playground' on the HacktoryAI platform.
Thank you for attending this course!
With the rise of information and immersive applications, developers have created a global network that society relies upon. With this comes a responsibility to ensure that the Web is an open and inclusive space for all. So it’s important to shape the experiences of users’ online lives by making a secure world for everyone. That’s what we’ll touch on, and try to learn throughout the web security course.
Who is this course for?
It’s for IT and cybersecurity specialists, developers, QA experts, and system administrators.