Complete Ethical Hacking And Penetration Testing for Web Apps

Learn OWASP TOP 10 Vulnerability Categories and the Defenses and Fixes for them. Covering all the popular hacking types

  • (5.0) 2 students enrolled

Course Overview

The internet is all around us. We have been using its facilities for a long while, and as the internet arrived, cyber-security threats appeared with it. You hear stories of cyber-attacks every day in newspapers and media.

As the convenience and comfort of using internet-based applications has grown, whether a web application or a mobile application backed by a cloud-based API, the chance of a cyber-attack has grown with it. It has grown to such a level that we cannot predict what happens the next day, because attackers are always alert and vigilant, looking for a loophole to get into an application and steal your information.

As the saying goes, "A person who knows how to break a lock can make a good lock!" Because he knows the vulnerabilities and the loopholes, that person can build a secure application, or guide the developer to build one that is reasonably secure and free of the loopholes that have already been discovered.

As cyber-security professionals or enthusiasts, we will deal with the OWASP Top 10 vulnerabilities. OWASP, the Open Web Application Security Project, is a community-based project that periodically updates its list of vulnerability categories. Each Top 10 category groups a number of more specific vulnerabilities under it, so this course covers almost 30 of the most popular vulnerabilities, the common ones currently found in the cyber world.

Once you have a grip on these 30 vulnerabilities, you will have enough confidence to test a web application, a cloud-based API, or a mobile application that uses a cloud-based API. In every session I give you the mitigations, the defensive mechanisms that avoid the vulnerability discussed in that session, so you will be able to suggest defensive measures to the programmer or developer building the web application.

Please make sure you use these techniques only for penetration testing and ethical hacking, and do not use them for any illegal or unethical purpose.

Cyber-security and penetration testing is a very lucrative career. This course is intended for cyber-security beginners who have an overview of basic web coding and want to enter the cyber-security world, and for existing testers who want to move into penetration testing. People interested in ethical hacking can also take this course.

In this course we concentrate mainly on how penetration testing is done on web-based applications. The same material applies to mobile-based applications, because most mobile applications communicate with a cloud-based API, and the security of that API is the security of the mobile application using it. By the end of the course we will provide you with a course completion certificate on demand, which you can include in your resume and which adds high value to your current profile.

What are the requirements?

  • You should have basic knowledge of how web applications work; it is good to also have basic HTML, JavaScript and PHP knowledge. A minimally configured PC or laptop is fine.

What am I going to get from this course?

  • You will understand how to make use of the most popular vulnerabilities (OWASP TOP 10) to hack into a website and the ways to prevent i

What is the target audience?

  • Beginners curious about penetration testing who have an overview of how web applications work; basic HTML, JavaScript and PHP knowledge is good to have. Developers and testers who want to upgrade themselves to penetration testers.

About the Author

I am a pioneering, talented and security-oriented Android/iOS Mobile and PHP/Python Web Application Developer offering more than eight years' overall IT experience, which involves designing, implementing, integrating, testing and supporting impactful web and mobile applications. I am a postgraduate Master's degree holder in Computer Science and Engineering. My experience with PHP/Python programming is an added advantage for server-based Android and iOS client applications. I am currently serving full time as a Senior Solution Architect, managing my clients' projects from start to finish to ensure high-quality, innovative and functional design.

Course Curriculum

Quick Overview of the Course
1 video lecture | 06:28
  • Quick Overview of the Course (06:28)

Lab Setup 1: Install WAMP
1 video lecture | 04:23
  • Install WAMP, the Apache, PHP and MySQL stack for hosting the demo web server (04:23)

Lab Setup 2: Install Mutillidae
1 video lecture | 05:50
  • Install Mutillidae II, a free, open-source, deliberately vulnerable web app (05:50)

Lab Setup 3: Install Burp Suite
1 video lecture | 07:38
  • Install Burp Suite, an integrated platform for security testing of web sites (07:38)

Troubleshooting Burp: Cannot load HTTPS websites
1 video lecture | 02:01
  • Troubleshooting Burp: Cannot load or intercept HTTPS websites (02:01)

SQL Injection - Attack and Defenses
1 video lecture | 09:43
  • SQL Injection - Hacking Techniques and Defenses (09:43)

OS Command Injection - Attack and Defenses
1 video lecture | 07:25
  • OS Command Injection - Hacking Techniques and Defenses (07:25)

JSON Injection Attack using Reflected XSS Technique and Defense Measures
1 video lecture | 11:40
  • JSON Injection Attack using Reflected XSS Technique and Defense Measures (11:40)

Cookie Manipulation Attack and Defense
1 video lecture | 11:08
  • Cookie Manipulation Attack and Defense Tips (11:08)

Username Enumeration Attack - Parts 1 and 2
2 video lectures | 14:12
  • Username Enumeration Attack - Part 1 (07:06)
  • Username Enumeration Attack and Defense Tips - Part 2 (07:06)

Brute Force Attack Technique and Defenses
1 video lecture | 11:49
  • Brute Force Attack Technique and Defenses (11:49)

Cross Site Scripting (Reflected XSS using HTML Context)
1 video lecture | 08:15
  • Cross Site Scripting (Reflected XSS using HTML Context) (08:15)

Cross Site Scripting (Reflected XSS using JavaScript)
1 video lecture | 10:40
  • Cross Site Scripting (Reflected XSS using JavaScript) (10:40)

Stored Cross Site Scripting Attack - XSS Defenses
1 video lecture | 11:02
  • Stored Cross Site Scripting Attack - XSS Defenses (11:02)

Insecure Direct Object Reference - IDOR and Defense using File Tokens
1 video lecture | 08:06
  • Insecure Direct Object Reference - IDOR and Defense using File Tokens (08:06)

Insecure Direct Object Reference - IDOR and Defense using URL Tokens
1 video lecture | 05:04
  • Insecure Direct Object Reference - IDOR and Defense using URL Tokens (05:04)

Directory Browsing / Traversal Threat Demonstration
1 video lecture | 05:32
  • Directory Browsing / Traversal Threat Demonstration (05:32)

XXE - XML External Entity Attack
1 video lecture | 05:55
  • XXE - XML External Entity Attack Demonstration (05:55)

User Agent Manipulation or Spoofing Attack
1 video lecture | 08:02
  • User Agent Manipulation or Spoofing Attack (08:02)

Security Misconfiguration Attack Defenses (Directory Browsing, XXE, User Agent)
1 video lecture | 04:34
  • Security Misconfiguration Attack Defenses (Directory Browsing, XXE, User Agent) (04:34)

Sensitive Data Exposure Vulnerability (HTML/CSS/JS Comments)
1 video lecture | 04:29
  • Sensitive Data Exposure Vulnerability (via HTML/CSS/JS Comments) (04:29)

Hidden / Secret URL Vulnerability and Defenses
1 video lecture | 10:18
  • Hidden / Secret URL Vulnerability and Defenses (10:18)

HTML5 Web Storage Vulnerability and Defenses
1 video lecture | 08:44
  • HTML5 Web Storage Vulnerability and Defenses (08:44)

Role Based Access Vulnerability and Defense
1 video lecture | 05:08
  • Role Based Access Vulnerability and Defense (05:08)

CSRF - Cross Site Request Forgery Attack
2 video lectures | 12:58
  • CSRF - Cross Site Request Forgery Attack - Part 1 (08:37)
  • CSRF - Cross Site Request Forgery Attack and Defenses - Part 2 (04:21)

Entropy Analysis for CSRF Token
1 video lecture | 11:34
  • Entropy Analysis for CSRF Token (11:34)

CVSS - Common Vulnerability Scoring System
1 video lecture | 05:57
  • CVSS - Common Vulnerability Scoring System (05:57)

Unvalidated URL Redirect Attack and Prevention Code Sample
1 video lecture | 07:36
  • Unvalidated URL Redirect Attack and Prevention Code Sample (07:36)
