Web hacking and Security

Basic to Intermediate level course for IT Security aspirants
4.3 (99 ratings)
888 students enrolled Bestselling in Security
  • Lectures 35
  • Length 2 hours
  • Skill Level All Levels
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion

About This Course

Published 10/2015 English

Course Description

Hi, welcome to our web hacking and security course.

In this course, we will teach you how client-based, server-based and application-based web attacks are performed in a simulated/test environment in an ethical way. This course helps the web security professional to mitigate these attacks using the solution recommended at the end of each module.

You will be encouraged to practice what you have learned in a simulated environment via our practice "Audio Visual Exercise" session.

We have designed this course to enable those aspiring to enter the information security field to learn core concepts on web hacking in order to safeguard a web infrastructure. By the end of this course, you will be familiar with how various types of web hacks are performed and you will be fully equipped to test and safeguard a web infrastructure against various real-time attack vectors.

This course has been specifically designed by a team of information security researchers who are acknowledged experts in their field.

This course has been designed to accelerate your learning process through the use of creative animations and easy to understand voice over narratives. Complex hacking concepts have been broken down into easy to understand modules.

Together, our team will walk you through the entire learning process step by step.

This course is perfect for existing web designers as well as anybody who is passionate about developing their skills in the field of internet security. No prior training is required to take this course as we will start with the basics. We welcome anyone with a thirst for learning.

We look forward to having you join us. In the meantime, please feel free to take a look at our demo tutorial and exercise before you purchase the full course.

What are the requirements?

  • This course includes all the material required, either as video or as a downloadable link, so there are no prerequisite materials or software for this course.
  • No prior training is required to take this course as we will start with the basics.
  • We welcome anyone with a thirst for learning.

What am I going to get from this course?

  • Understand how the web works.
  • Understand what cruise missile architecture is.
  • Understand how client-based attacks are performed.
  • Understand how application-based attacks are performed.
  • Understand how server-based attacks are performed.
  • Learn possible countermeasures to defend against these attacks.
  • Acquire an expertise on web security.

What is the target audience?

  • The course covers the basics of the web, so students with no prior knowledge of the web can opt for this course.
  • This course is perfect for existing web designers as well as anybody who is passionate about developing their skills in the field of internet security.
  • We have designed this course to enable those aspiring to enter the information security field to learn core concepts on web hacking.
  • This course very rarely contains software code, and where it does, the code is explained in detail, so no prior coding knowledge is needed.
  • By the end of this course you will be familiar with how various types of web hacks are performed and you will be fully equipped to test web infrastructure against various real time attack vectors.

Curriculum

Section 1: Introduction
00:28

This part provides an overview of the entire course structure.

10:24

Have you ever wondered what happens behind the scenes when you type "www.google.com" into your browser? Find out here.

3 questions

Choose the correct answer for the questions.

01:46

An introductory look at the list of attack vectors being discussed in the course.

14:45

An insight into the tools that are used to perform the attacks, such as Burp Suite, cookie manager etc., along with a tutorial on how to set up a simulated environment using DVWA and WebGoat.

Section 2: Client Based Attacks
04:49

The method of sending fraudulent emails, probing people to disclose sensitive data such as user credentials, financial information etc., is called Phishing. This lecture explains how this can be done using a local host and a server.

03:36

A step-by-step approach on how to perform Phishing using Local Host and Server.

01:36

The method of sending fraudulent emails, probing people to disclose sensitive data such as user credentials, financial information etc., is called Phishing. This lecture explains how this can be done by manipulating the Hosts File in the system.

02:59

A step-by-step approach on how to perform Phishing by manipulating the Hosts File in the system.

02:29

The method of sending fraudulent emails, probing people to disclose sensitive data such as user credentials, financial information etc., is called Phishing. This lecture explains how this can be done using Base64 Encoding.

01:28

A step-by-step approach on how to perform Phishing using Base64 Encoding.

02:21

Cross-site scripting (XSS) is a method of exploiting the trust between a server and a client by injecting a malicious script into a site. When the script gets reflected to one user alone, it is called Reflected or Non-Persistent XSS.

01:09

A practice session on Reflected XSS variants.

01:15

Cross-site scripting (XSS) is a method of exploiting the trust between a server and a client by injecting a malicious script into a site. When the script gets stored in the database and gets reflected to all the users of the application it is known as Persistent XSS.

00:57

A practice session on Stored XSS variants.

00:58

The act of redirecting a user request to a malicious URL is called URL redirection. This lecture explains how this can be performed using XSS vulnerability.

00:56

A practice session that demonstrates the various ways to achieve URL Redirection.

01:52

Content Spoofing is the method of replacing authentic content on a web page with fake content. This lecture explains how this can be performed using an XSS vulnerability.

00:49

A practice session that demonstrates the various ways to achieve Content Spoofing.

02:29

This lecture deals with CSRF or XSRF attack, which is nothing but the act of exploiting the trust that a web site has in a user’s browser.

00:55

A practice session that gives a glimpse into the aftermath of the variants of CSRF vulnerability.

02:25

Get to know how to hijack innocent user clicks! Clickjacking - the act of hijacking the innocent user clicks in a web page to perform any malicious activity.

01:08

A step-by-step approach on how to perform a Clickjacking Attack.

01:36

Want to increase the 'likes' on your Facebook page? Perform Likejacking: an innocent user's clicks on a web page are hijacked to perform the function of a Facebook page’s like button.

1 question

When an innocent user's clicks on a web page are hijacked to perform the function of a Facebook page's like button, it is called Likejacking.

6 pages

As well as the offensive part of Client based attacks in Web hacking as discussed in previous lectures, this lecture deals with the Defensive Mechanisms or mitigation techniques as they are known.

Section 3: Server Based Attacks
04:29

A Brute Force Attack is an exhaustive key search mechanism that uses a trial and error method to obtain sensitive information, such as user passwords, etc. for gaining unauthorized access. This lecture helps in understanding how brute force attacks can be performed.

08:35

A step-by-step approach on practicing a brute force attack in a simulated environment.

03:25

Making a system or any network resource unavailable to its intended users is called a Denial of Service or DOS attack.

3 questions

Making a system or any network resource unavailable to its intended users is called a Denial of Service or DOS attack.

3 pages

As well as the offensive part of server based attacks in Web hacking as discussed in previous lectures, this lecture deals with the Defensive Mechanisms or Mitigation Techniques as they are called.

Section 4: Application Based Attacks
04:39

The act of manipulating the parameters exchanged between client and server is called Parameter Tampering.

04:00

A session for practicing Parameter Tampering.

2 pages

As well as the offensive part of Application Based Attacks in Web hacking as discussed in previous lectures, this lecture deals with the Defensive Mechanisms or Mitigation Techniques as they are called.

Section 5: SQL Injection - Basics level
06:46

Learn the basics of SQL, which allows you to get a glimpse of how a query is constructed using the logical operators available.

03:09

When the query formed to authenticate user credentials in a web application is bypassed, it is called Authentication Bypass.

01:02

A session for practicing SQL Authentication Bypass.

1 page

As well as the offensive part of SQL Injection attacks in Web Hacking as discussed in previous lectures, this lecture deals with the Defensive Mechanisms or Mitigation Techniques as they are called.

Instructor Biography

infySEC is a rapidly growing Information Security Services Organization. Our focus is on three areas: Client Security, Research & Development and Information Security Education. infySEC is committed to providing an innovative set of services that address our clients' security needs. infySEC keeps focusing on Research & Development, Vulnerabilities Analysis and Tools Development.
