Web Hacking: Become a Professional Web Pentester
0.0 (0 ratings)
24 students enrolled
Learn everything you need to execute web application security assessments.
Created by Geri Revay
Last updated 9/2017
English
Current price: $10 Original price: $195 Discount: 95% off
30-Day Money-Back Guarantee
Includes:
  • 8 hours on-demand video
  • 2 Articles
  • 1 Supplemental Resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • understand web security problems and how to fix them,
  • find security vulnerabilities in web applications,
  • start working as a penetration tester for web applications,
Requirements
  • Students need to have an IT background.
  • Virtual machines are used in the course, so a user-level understanding of VMware or VirtualBox is needed.
Description

This course contains everything you need to start working as a web pentester. You will learn about exploitation techniques, tools, methodologies, and the whole process of security assessments. It is absolutely hands-on: you will do all the attacks in your own pentest environment using the provided applications. The targets are real open-source software. You will have to work hard, but at the end you will be able to do web security assessments on your own.

Who is the target audience?
  • Developers who want to secure their web applications.
  • People who want to become a penetration tester.
  • Penetration testers who want to extend their portfolio to web applications.
  • Anybody who works in IT or studies it and is interested in web hacking.
Curriculum For This Course
52 Lectures
07:57:22
Warm up
3 Lectures 09:58

Introduction to the course.

Preview 03:33

Computer hacking is a sensitive topic, so nothing comes without a disclaimer.

Everything in this course is my private opinion and product. My employer has no connection to it.

Preview 01:34

Introduction to the methodology of security assessments and what is covered by this course.

Preview 04:51
Environment setup
5 Lectures 34:16

Introduces the contents of this section.

Preview 01:25

Download all the resources for the rest of the course.

Download resources
00:15

We will set up the target server, which we will attack in the following sections.

Preview 08:56

We will install Kali Linux, which we will use throughout the course.

Setting up Kali
14:37

We will install the newest Burp Suite in our Kali system.

Setting up the Burp Suite
09:03
Web 101
6 Lectures 01:22:39

You will learn about the HTTP protocol, which is at the core of the web. You will be able to understand HTTP communication.

How HTTP works
12:36

Starting from the basics of websites, you will learn how HTML works.

Static HTML
10:18

We will write a simple PHP page to understand how that and similar technologies work.

PHP and friends
14:25

We will write a simple MVC application in Python with Django to get a general understanding of modern web frameworks.

Preview 30:00

We will write JavaScript to understand its concepts.

JavaScript
14:40
Application discovery
2 Lectures 28:37

How to map the application manually.

Manual discovery
16:51

We will learn about tools that can help you in the discovery process.

Automated discovery
11:46
Attacking session management
6 Lectures 01:01:47

Introduction to how session management works in web applications.

Preview 13:32

You will learn about session fixation vulnerabilities and how to exploit them.

Session fixation
11:10

You will learn about why logout is critical in session management.

Weak logout
04:40

You will learn about the Same Origin Policy, which is one of the most important security measures of browsers. Understanding how it works is necessary to be able to attack it.

Same origin policy
07:05

Cross-site request forgery is one of the most important vulnerabilities in web applications. You will learn everything you need to know about it in this lecture.

Preview 19:58

You will learn what to recommend to your customers when they suffer from session management problems.

Securing the session
05:22
Attacking authentication
8 Lectures 56:19

The cornerstone of today's encryption is SSL/TLS; we will learn everything you need to know about it.

SSL/TLS
19:58

We are going to try some authentication bypass attacks.

Authentication bypass
07:53

Getting access to the application in the simplest way, which surprisingly works.

Unauthenticated URL access
06:06

We need to talk about password quality because it is still a problem.

Password quality
03:28

You will learn how to perform password brute-force attacks against web applications.

Preview 08:01

Defaults have always been the friend of attackers; you will learn why.

Default accounts
02:37

There are various ways to recover passwords. Not all of them are secure. You will see here why.

Weak password recovery
04:48

We will learn how to prevent authentication problems.

Mitigations
03:28
Attacking authorization
4 Lectures 16:55

A typical error is a feature where authorization is not implemented correctly.

Preview 04:53

Trusting the client side is always a problem. We will learn how to exploit this trust in web applications.

Manipulating variables
05:15

Again, never trust the client, especially with authentication.

Client side authentication
04:25

We will learn how to prevent authorization problems.

Mitigations
02:22
Attacking the client
6 Lectures 01:06:06

The silver bullet of web application attacks. In this lecture you will learn how to exploit reflected cross-site scripting vulnerabilities.

Preview 18:00

The golden bullet (if there is anything like that) of web application attacks.

Stored XSS
10:30

We will learn how HTTP headers can be used in attacks.

HTTP header injection
10:54

Redirects are innocent, right? We will learn here why they aren't.

Malicious URL redirection
14:04

Various attacks are possible if the content type is wrong. We will experiment with these.

Exploiting wrong content-type
08:29

Fortunately for the world there are new security protections against various attacks. We will learn about some of them in this lecture.

Mitigations
04:09
Server side injections
8 Lectures 01:43:03

File upload is always interesting. Many things can go wrong, and we will learn how to exploit them.

Malicious file upload
14:23

Local and Remote File Inclusion can give you code execution on the server. We will learn how.

LFI and RFI
14:21

Applications sometimes allow code execution in the OS if we can find the right spot. We will find it.

OS command injection
13:35

This vulnerability has existed for decades and it doesn't want to go away. We will learn how it works and how to exploit it.

Preview 17:51

UNION SELECT is a special case of SQL injection which can be really useful when extracting data.

UNION Select Attack
12:51

Exploiting blind SQL injection vulnerabilities is difficult, but we will learn how to do it.

Blind SQL injection
13:51

SQL injections can be time consuming. We will learn how to save some time using tools and automation.

Automating SQLi testing
12:04

Mitigations
04:07
The rest
4 Lectures 17:43

A quality report is very important if you are doing this professionally. I will give you some tips about how to write a good report.

Reporting
05:38

In this lecture we will learn about how to use my checklist in security assessments.

Preview 04:33

Checklist download
00:02

We will talk about what you should do after this course.

What's next
07:30
About the Instructor
Geri Revay
4.3 Average rating
934 Reviews
25,165 Students
2 Courses
Penetration Tester/ Ethical Hacker

I hack stuff for fun and profit, at the moment at Siemens AG in Germany. I was also an external consultant for various companies in insurance, banking, telco, or even car production. When I have some free time I also talk at conferences.

Here at Udemy my goal is to put my knowledge and experience into a form which is useful for others, to save you the time I spent acquiring all this knowledge from different sources.