This is a Beginner’s Guide to Practical Web Security.
Do you intend to begin a career in AppSec but lack the necessary experience? Are you having trouble figuring out where to start when it comes to Application Security? Would you like to know what it takes to get started with Bug Bounties? If so, this Web application Penetration Testing course will be an excellent start for you. In this practical web application penetration testing course, beginners learn about a variety of common attacks on web applications. As soon as you’ve mastered the foundation, you can start building your skills on your own. In addition to web security theoretical content and a custom web application developed for the course, this entry-level course also features a Java-based web application. As well as these topics, the course covers some challenges in publicly accessible vulnerable web applications. The course provides background details on the concepts wherever necessary.
These are some of the topics covered in this Web application Penetration Testing course:
- Web Application Architecture
- HTTP Requests and Responses
- SQL Injection – Authentication Bypass
- Manually Exploiting Error Based SQL Injection
- SQLMap for exploiting SQL Injection
- Cross Site Scripting – Reflected, Stored and DOM Based
- Cross Site Request Forgery
- Broken Cryptography
- Access Control Issues
- Arbitrary File Uploads
- XPATH Injection
- XML External Entity (XXE) Injection
- Java Deserialization
- Command Execution via Security Misconfigurations
- Command Execution via outdated software
The following information will be provided for most vulnerabilities covered in the Web application Penetration Testing course.
- Identifying a vulnerability
- How to exploit an identified vulnerability
- How to prevent the discussed vulnerability
NOTE: This Web application Penetration Testing course is being updated and new content will be uploaded until all the advertised modules are covered.
- A computer with administrative access, if you want to follow the hands-on exercises.
- Good to have knowledge of any one programming language.
Who this course is for:
- Bug bounty hunters
- Penetration testers
- Security Auditors
- Red Team Operators
- Web Application Developers
- Anyone interested in security.
Created by Srinivas.
Last updated 8/2021
Size: 1.2 GB