Step by Step Web Applications Penetration Tester
Why Web Security?
Introduction (1:14)
Core Problems - Why Web Security (7:33)
Web Technologies
Preparing the Lab Environment (8:31)
Mapping the Web Application. User and Password Brute-Forcing
What Web Application Mapping Means
Usernames and Passwords Brute-Forcing using Burp (14:54)
Spider and Analyze a Website using Burp (5:27)
Brute-forcing Web Resources using Dirb and Dirbuster (10:38)
Attacking Authentication and Session Management - Session Hijacking
Theoretical Overview of Attacking Authentication and Session Management
Session Hijacking through Man In The Middle Attack (11:05)
Intercept and access traffic over HTTPS (8:57)
Access controls. Data stores and Client-side Controls
Theoretical Approach of Attacking Access Controls
SQL injection (9:09)
Exploiting SQLi using Sqlmap and Getting Remote Shell (10:07)
Upload and Remote File Execution (10:43)
Attacking the Server and Application Logic
Attacking the server: OS Command injection, Path Traversal and Mail Injection
Attacking Application Logic
(XSS) Cross Site Scripting. Attacking the Users
Cross Site Scripting Theory. Attacking Users
Reflected XSS – Session Hijacking using Cross Site Scripting (10:29)
Stored or Persistent Cross Site Scripting (6:59)
Cross-site Request Forgery (CSRF) (7:19)
Guideline for Discovering and Improving Application Security
Guideline for Discovering and Improving Application Security
Theoretical Approach of Attacking Access Controls