Learn web application penetration testing from %00
4.1 (11 ratings)
5,033 students enrolled

Learn to exploit web application vulnerabilities methodically
Created by Adriano Gattabuia
Last updated 6/2018
English
English [Auto-generated]
This course includes
  • 3.5 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • You will be able to perform a web penetration testing engagement from start to finish
  • You will be able to discover and exploit web application vulnerabilities

Requirements
  • A fairly powerful PC that can run Kali and the vulnerable virtual machine concurrently; 8 GB of RAM and an i5 processor are recommended
  • Knowledge of web technologies like SQL, HTML, JavaScript, PHP
  • Knowledge of the HTTP protocol
  • Knowledge of Linux, the bash command line
  • Dedication, patience and persistence
Description

In this ethical hacking course you'll learn how to exploit the vulnerabilities found in web applications and web servers following the OWASP Testing Guide framework, used by companies all over the world to perform web penetration testing engagements.


A vulnerable virtual machine, Web Sec Target Practice, is provided with the course for you to practice the various phases of the penetration testing assessment.

We'll predominantly use the Burp Suite Community edition and open source Kali tools throughout the course to test the infrastructure of the web server, brute-force authentication forms, tamper with header attributes, and perform XSS, SQL injection, command injection and other injection variants. We'll also develop a buffer overflow exploit step by step.

Who this course is for:
  • Anyone interested in learning web application penetration testing
Course content
23 lectures 03:38:22
+ Information gathering, error handling & configuration testing
4 lectures 38:20
Fingerprinting and mapping the application architecture
09:38
Test the network/infrastructure configuration
12:59
Stack traces and error codes information leakage
05:59
+ Authentication & authorization testing
3 lectures 35:02
Identity management testing
07:48
Authentication testing
15:36
Authorization testing
11:38
+ Session management testing
2 lectures 15:44
Bypassing the session management schema, tampering with cookie attributes
05:50
Testing for Session Fixation and Cross Site Request Forgery
09:54
+ Input validation testing: XSS, SQLi, command injection
6 lectures 01:10:19
Cross-Site Scripting
07:41
SQL, ORM, XPath, IMAP/SMTP injection
13:46
LDAP, XML, SOAP injection
11:11
Testing for HTTP verb tampering, parameter pollution, splitting/smuggling
10:02
Testing for buffer overflows
20:49
+ Weak cryptography & business logic testing
4 lectures 30:16
Weak SSL/TLS ciphers, weak encryption
03:19
Testing for Padding Oracle
04:14
Testing business logic data validation, testing against application mis-use
09:24
Testing the upload of malicious files
13:19
+ Client side testing
1 lecture 09:19
DOM based XSS, HTML injection, Clickjacking
09:19
+ Course end
1 lecture 03:52
Where to go from here
03:52