This course contains everything to start working as a web pentester. You will learn about exploitation techniques, tools, methodologies, and the whole process of security assessments. It is absolutely hands-on, you will do all the attacks in your own pentest environment using the provided applications. The targets are real open-source software. You will have to work hard but at the end you will be able to do web security assessments on your own.
Computer hacking is a sensitive topic, so there is nothing without a disclaimer.
in this course is my private opinion and product. My employer has no connection
Download all the resources for the rest of the course.
We will setup the target server, which we will attack in the following sections.
We will install Kali linux, which we will use throughout the course.
We will install the newest Burp Suite in our Kali.
You will learn about the HTTP protocol, which is in the core of the web. You will be able to understand HTTP communication.
Starting from the basics of web sites you will learn how HTML works.
We will write a simple PHP page to understand how that and similar technologies work.
We will write a simple MVC application in python with Django, to get a general understanding about modern web frameworks.
How to map the application manually.
We will learn about tools, which can help you in the discovery process.
Introduction to how session management works in web applications.
You will learn about session fixation vulnerabilities and how to exploit them.
You will learn about why logout is critical in session management.
You will learn about the Same Origin Policy, which is one of the most important security measures of browsers. Understanding how it works is necessary to be able to attack it.
Cross-site request forgery is one of the most important vulnerabilities in web applications. You will learn about it everything you need to know in this lecture.
You will learn, what to recommend to your customers when they suffer from session management problems.
The corner stone of today's encryption is SSL/TLS, we will learn everything you need to know about it.
We are going to try some authentication bypass attacks.
Getting access to the application in the most simple way, and it surprisingly works.
We need to talk about password quality because it is still a problem.
You will learn how to do password brute force attacks against web applications.
Defaults were always the friend of attackers, you will learn why.
There are various ways to recover passwords. Not all of them are secure. You will see here why.
We will learn how to prevent authentication problems.
Typical error is to find feature, authorization is not implemented correctly.
Trusting the client side is always a problem. We will learn how to exploit this trust in web applications.
Again, never trust the client, especially with authentication.
We will learn how to prevent authorization problems.
Silver bullet of web applications. In this lecture you will learn how to exploit reflected cross-site scripting vulnerabilities.
Golden bullet (if there is anything like that) of web applications.
We will learn how HTTP headers can be used in attacks.
Redirects are innocent, right? We will learn here why they aren't.
Various attacks are possible if the content type is wrong. We will experiment with these.
Fortunately for the world there are new security protections against various attacks. We will learn about some of them in this lecture.
File upload is always interesting. Many things can go wrong, which we will learn how to exploit.
Local and Remote File Inclusion can give you code execution on the server. We will learn how.
Applications sometimes allow code execution in the OS if we can find it. We will find it.
This vulnerability exists since decades and it doesn't want to go away. We will learn how it works and how to exploit it.
UNION Select is a special case of SQL injection which can be really useful when extracting data.
Exploiting blind SQL injection vulnerabilities is difficult, but we will learn how to do it.
SQL injections can be time consuming. We will learn how to save some time using tools and automation.
Quality report is a very important thing if you are doing this professionally. I will give you some tips about how to make a good report.
In this lecture we will learn about how to use my checklist in security assessments.
We will talk about what you should do to after this course.
I hack stuff for fun and profit, at the moment at Siemens AG in Germany. I was also an external consultant for various companies in insurance, banking, telco or even car production. When I have some free time I also talk at conferences.
Here at Udemy my goal is to put my knowledge and experience in a form which is useful for others, to save you the time, which I spent to acquire all this knowledge from different sources.