Step by Step Web Applications Penetration Tester
Why Web Security?
Introduction (1:14)
Core Problems - Why Web Security (7:33)
Web Technologies
Preparing the Lab Environment (8:31)
Mapping the Web Application. User and Password Brute-Forcing
What Web Application Mapping Means
Usernames and Passwords Brute-Forcing using Burp (14:54)
Spider and Analyze a Website using Burp (5:27)
Brute-forcing Web Resources using Dirb and Dirbuster (10:38)
Attacking Authentication and Session Management - Session Hijacking
Theoretical Overview of Attacking Authentication and Session Management
Session Hijacking through Man In The Middle Attack (11:05)
Intercept and access traffic over HTTPS (8:57)
Access controls. Data stores and Client-side Controls
Theoretical Approach of Attacking Access Controls
SQL injection (9:09)
Exploiting SQLi using Sqlmap and Getting Remote Shell (10:07)
Upload and Remote File Execution (10:43)
Attacking the Server and Application Logic
Attacking the server: OS Command injection, Path Traversal and Mail Injection
Attacking Application Logic
(XSS) Cross Site Scripting. Attacking the Users
Cross Site Scripting Theory. Attacking Users
Reflected XSS – Session Hijacking using Cross Site Scripting (10:29)
Stored or Persistent Cross Site Scripting (6:59)
Cross-site Request Forgery (CSRF) (7:19)
Guideline for Discovering and Improving Application Security
Guideline for Discovering and Improving Application Security
Introduction