
In HG215, you will learn the art of hacking and exploiting web applications to find security flaws in web apps. You'll learn about the attacker's tools and methods in order to become a more effective cybersecurity professional. Through detailed, hands-on exercises and with guidance from the instructor, you will learn the four-step process for web application penetration testing; inject SQL commands into back-end databases to learn how hackers exfiltrate sensitive data; and utilise cross-site scripting (XSS) to dominate a target infrastructure. You will also explore various other web vulnerabilities using proven techniques and structured security testing methods.

20 students

This Course Includes

  • 4 weeks
  • 82 items in curriculum
  • Course badge

Created by

06/06/2021
HG215 is a beginner-friendly training course which enables students to assess a web application's security posture and convincingly demonstrate the business impact should attackers exploit the discovered vulnerabilities. Students will learn common web application vulnerabilities, as well as how to identify and exploit them with the intent of demonstrating the potential business impact. It offers 30+ formal hands-on labs which give the student in-depth, pragmatic experience.

  You Will Be Able To:
  • Apply OWASP's methodology to your web application penetration tests to confirm they're consistent, reproducible, rigorous, and secure.
  • Analyze the results from automated web testing tools to validate findings, determine their impact, and identify false positives.
  • Manually discover key web application flaws.
  • Use Python to write testing and exploitation scripts during a penetration test.
  • Discover and exploit SQL injection flaws to determine the true risk to the victim organization.
  • Understand and exploit deserialization vulnerabilities with ysoserial and similar tools.
  • Create various configurations and test payloads within other web attacks.
  • Fuzz potential inputs for injection attacks.
  • Explain the business impact of exploitation of web application flaws.
  • Analyze traffic between the client and web app using tools like the Zed Attack Proxy (ZAP) and BurpSuite Pro to find security issues within the client-side application code.
  • Manually identify and exploit Cross-Site Request Forgery (CSRF) attacks.
  • Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application.
  • Perform 30+ labs to get in-depth hands-on experience of web security flaws.

  You Will Learn:
  • To apply a proven methodology to deliver high-value pen-tests.
  • How to discover and exploit key web security flaws.
  • How to explain the potential business impact of web vulnerabilities.
  • The importance of web security to an overall IT security posture.
  • How to use key web attack tools more efficiently.
  • How to write effective web application penetration test reports.

  Hands-On Training:
  • DNS Harvesting and Virtual Host Discovery
  • Authentication Bypass
  • Heartbleed Exploitation
  • Insecure Deserialization
  • Reflected and Persistent XSS Attacks
  • DOM-Based XSS Attacks
  • Spidering and Forced Browsing
  • WPScan
  • SQL Injection
  • Blind SQL Injection
  • CSRF Exploitation
  • XML External Entities
  • Metasploit for Web Application Attacks
  • Exploiting Shellshock
  • Leveraging the sqlmap tool
  • BeEF and Browser Exploitation
  • Username Harvesting
  • Password Guessing Attacks
  • HTML Injection
  • Remote File Inclusion
  • Local File Inclusion
  • OS Command Injection
  • Drupalgeddon and Drupalgeddon 2 Exploitation
  • BurpSuite Professional Scanner
  • Python for Web Application Pen Testers
  • Troubleshooting when automated tools fail
  • Extensive use of both BurpSuite Pro and ZAP throughout the course

Course Curriculum

    • 01: Why Learn Web Penetration Testing
    • 02: Web App Assessment Methodologies
    • 03: Web App Hacker’s Toolkit
    • 04: Whois & DNS
    • 05: Lab: DNS Harvesting
    • 06: Open-Source Intelligence (OSINT)
    • 07: Lab: Virtual Host Discovery
    • 08: HTTP Syntax and Messaging
    • 09: HTTP Semantics
    • 10: HTTPS and Testing for Weak Ciphers
    • 11: Lab: Testing HTTPS
    • 12: Interception Proxies
    • 13: Lab: Installing Burp Suite & OWASP ZAP
    • 14: Burp Suite Walk-through
    • 15: OWASP ZAP Walk-through
    • 16: Lab: Proxying SSL via Burp and ZAP
    • 17: Heartbleed
    • 18: Lab: Testing and Exploiting Heartbleed
    • 19: Scanning with Nmap
    • 20: Lab: Collecting Server Information
    • 21: Software Configuration Testing
    • 22: ShellShock
    • 23: Lab: Identifying & Exploiting Shellshock
    • 24: Spidering Web Applications
    • 25: Lab: Web Spidering
    • 26: Analysing Spidering Results
    • 27: Lab: ZAP Forced Browse
    • 28: Fuzzing
    • 29: Information Leakage
    • 30: Authentication
    • 31: Lab: Authentication
    • 32: Username Harvesting
    • 33: Lab: Username Harvesting
    • 34: Burp Intruder
    • 35: Lab: Fuzzing with Burp Intruder
    • 36: Session Tracking
    • 37: Session Fixation
    • 38: Bypass Flaws
    • 39: Lab: Authentication Bypass
    • 40: Vulnerable Web Apps: OWASP BWA
    • 41: Command Injection
    • 42: Lab: Command Injection
    • 43: File Inclusion and Directory Traversal
    • 44: Lab: LFI & RFI Attacks
    • 45: SQL Injection: An Introduction
    • 46: Discovering SQL Injection
    • 47: Lab: Error-Based SQL Injection
    • 48: Exploiting SQL Injection
    • 49: SQL Injection Tools
    • 50: Lab: SQLmap + ZAP
    • 51: XML External Entity (XXE)
    • 52: Lab: Exploiting XXE
    • 53: Document Object Model
    • 54: Cross Site Scripting (XSS)
    • 55: Types of XSS
    • 56: Lab: XSS Attacks
    • 57: Discovering XSS
    • 58: XSS Impact
    • 59: Lab: HTML Injection
    • 60: Automating Cross Site Scripting Attacks
    • 61: XSS Tools
    • 62: Browser Exploitation Framework (BeEF)
    • 63: Lab: BeEF
    • 64: AJAX
    • 65: API Attacks
    • 66: Data Attacks
    • 67: Lab: AJAX XSS Attack
    • 68: Cross Site Request Forgery (CSRF)
    • 69: Lab: CSRF Attack
    • 70: Logic Attacks
    • 71: Python for Web Hackers
    • 72: Lab: Python Scripts
    • 73: WPScan & ExploitDB
    • 74: Lab: WPScan
    • 75: Burp Scanner
    • 76: Metasploit
    • 77: Lab: Metasploit Framework
    • 78: Lab: Drupalgeddon2
    • 79: When Tools Fail
    • 80: Lab: When Tools Fail
    • 81: Writing the Penetration Test Report
    • 82: Summary
2021 © Aristi Cybertech Private Limited. All rights reserved.