

Learn how to hack web applications and exploit the OWASP Top 10 security vulnerabilities.

What you will learn

Learn web application security vulnerabilities

Exploit Injection – SQL Injection, Command Injection

Broken Authentication and Session Management

Sensitive Data Exposure

XML External Entities (XXE) attack

Broken Access Control/Insecure Direct Object References

Security Misconfiguration

Cross-Site Scripting (XSS) – Persistent XSS, Reflected XSS, Cross Site Request Forgery (CSRF)

Insecure Deserialization

Using Components with Known Vulnerabilities

Insufficient Logging and Monitoring

Bonus Section – Unvalidated Redirects and Forwards

Description

If you are looking for a course that covers the important OWASP Top 10 web application security vulnerabilities in a short and concise way, then you have come to the right place! This course is relevant whether your applications are deployed on the cloud or on physical servers and VMs, since web application vulnerabilities don't magically disappear just because the application is deployed on the cloud.

This course is focused on practical learning and applying your knowledge. To achieve that, the course includes a tutorial on how to install the XAMPP server and vulnerable applications on your own machine, so that you can practice what you are learning rather than just watch the tutorials.

Many courses focus mainly on exploiting the vulnerabilities of physical servers, but with the cloud now being the preferred way to deploy applications, and with the advances made in securing physical servers, learning those techniques may not prove very advantageous.

This course covers the below OWASP Top 10 (2017 edition) web application security risks:

1. Injection – SQL Injection, Command Injection

2. Broken Authentication

3. Sensitive Data Exposure

4. XML External Entities (XXE)


5. Broken Access Control

6. Security Misconfiguration

7. Cross-Site Scripting (XSS)

8. Insecure Deserialization

9. Using Components with Known Vulnerabilities

10. Insufficient Logging and Monitoring

This course is for educational purposes only.

Language: English

Content

Introduction

Introduction

Installation

Install XAMPP
Install DVWA and Mutillidae
Install Burp Suite and Capture traffic

Information Gathering

Website information and technologies used
Web application subdomains
Finding other web applications installed on server

Injection vulnerability

Injection, Real breaches
SQL injection – Get database, tables and users credentials
SQL injection – Bypass checks on the login page at the low and medium security levels
Command injection vulnerability
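The two SQL injection lessons listed above (login bypass, then enumerating the schema and dumping user credentials), as an added example that is not part of the course: a vulnerable login and lookup built by string concatenation next to their parameterised counterparts, run against a constructed in-memory SQLite database in Python. The table, the two accounts, the payload constants and all function names are assumptions standing in for DVWA's MySQL setup.

```python
import sqlite3

# Constructed sample data standing in for DVWA's users table (not real credentials).
SAMPLE_USERS = [("admin", "s3cret"), ("alice", "wonderland")]


def build_db():
    """In-memory SQLite database with a deliberately weak, plaintext users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Login check assembled with string formatting: user input becomes SQL syntax.

    This mirrors the 'low' security pattern in DVWA-style apps; do not reuse it.
    """
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same check with a parameterised query: the driver binds the values, so a
    quote or '--' in the input can never change the statement's structure."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def user_lookup_vulnerable(conn, username):
    """A 'user info' page that only ever displays id and username, but builds its
    query the same unsafe way; a UNION turns it into a generic read oracle."""
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def user_lookup_safe(conn, username):
    """Parameterised lookup: the payload is searched for as a literal username."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()


# Attacker payloads. '--' starts an SQL comment that discards the rest of the query.
BYPASS_ANY = "' OR 1=1--"       # matches every row; the first account wins
BYPASS_ADMIN = "admin'--"       # targets a known account; password check is commented out
ENUM_TABLES = "' UNION SELECT name, sql FROM sqlite_master--"   # step 1: learn the schema
DUMP_CREDS = "' UNION SELECT username, password FROM users--"   # step 2: read the rows


if __name__ == "__main__":
    db = build_db()
    print("bypass (any):   ", login_vulnerable(db, BYPASS_ANY, "x"))
    print("bypass (admin): ", login_vulnerable(db, BYPASS_ADMIN, "x"))
    print("safe login:     ", login_safe(db, BYPASS_ADMIN, "x"))
    print("tables:         ", user_lookup_vulnerable(db, ENUM_TABLES))
    print("credentials:    ", user_lookup_vulnerable(db, DUMP_CREDS))
    print("safe lookup:    ", user_lookup_safe(db, DUMP_CREDS))
```

Two caveats when carrying this over to the MySQL behind DVWA: MySQL only honours `--` as a comment when it is followed by whitespace (use `-- ` or `#`), and the schema comes from `information_schema.tables`/`information_schema.columns` rather than `sqlite_master`. The fix is the same in both cases: bind values with placeholders and never assemble SQL from request data.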

Broken Authentication vulnerability

Broken Authentication and Real Breaches
Logging in as Admin by manipulating cookies
Username Harvesting
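The cookie-manipulation lesson above, as an added example in Python that is not part of the course: a server that takes its authorisation decision from a client-supplied cookie, the tampering step an attacker performs in Burp, and the same cookie protected with an HMAC tag so that edits are detected. The cookie format, field names, function names and the secret are all constructed for the demo.

```python
import hashlib
import hmac

# Constructed server-side secret for the demo. A real deployment loads this from
# configuration; it is never hard-coded and never sent to the client.
SECRET = b"constructed-demo-secret-do-not-use"


def _fields(payload):
    """Parse 'k1=v1;k2=v2' into a dict (constructed cookie format)."""
    return dict(kv.split("=", 1) for kv in payload.split(";") if "=" in kv)


def role_from_cookie_vulnerable(cookie):
    """Broken authentication: the server trusts whatever 'role=' the client sent."""
    return _fields(cookie).get("role", "anonymous")


def tamper(cookie, key, new_value):
    """What the attacker does in Burp's proxy: rewrite one field and resend."""
    fields = _fields(cookie)
    fields[key] = new_value
    return ";".join(f"{k}={v}" for k, v in fields.items())


def sign_cookie(payload, secret=SECRET):
    """Append an HMAC-SHA256 tag computed over the payload with the server key."""
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def role_from_cookie_signed(cookie, secret=SECRET):
    """Verify the tag before trusting any field; return None on any failure."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep:
        return None                                  # no tag at all
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):       # constant-time comparison
        return None                                  # edited payload or wrong key
    return _fields(payload).get("role")


if __name__ == "__main__":
    issued = "user=guest;role=user"
    print("vulnerable, as issued: ", role_from_cookie_vulnerable(issued))
    print("vulnerable, tampered:  ", role_from_cookie_vulnerable(tamper(issued, "role", "admin")))
    signed = sign_cookie(issued)
    print("signed, as issued:     ", role_from_cookie_signed(signed))
    _, _, tag = signed.rpartition(".")
    print("signed, tampered:      ", role_from_cookie_signed("user=guest;role=admin." + tag))
```

The signed form stops the role from being edited, but it does not stop a stolen cookie from being replayed, and it still leaks the state to the client. The usual design is a long random session identifier stored in a server-side session table that holds the role, sent with the `Secure` and `HttpOnly` attributes; a signed cookie is the minimum if state must live on the client.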

Sensitive Data Exposure

Sensitive Data Exposure – Real Breaches
Paths Exposed by the robots.txt File and Accounts Exposed
Sensitive Information Disclosure

XML External Entities (XXE) vulnerability

XML External Entities (XXE) Flaw and Real Breaches
XXE Vulnerability Demonstration

Broken Access Control Vulnerability

Broken Access Control and Real Breaches
Insecure Direct Object Reference (IDOR)
Local File Inclusion Flaw
Remote File Inclusion Flaw

Security Misconfiguration

Security Misconfiguration – Real Breaches
Directory Browsing Issue
Unrestricted File Upload Issue

Cross-Site Scripting (XSS) & Cross Site Request Forgery (CSRF)

XSS Flaw and Real Breaches
Persistent and Reflected XSS Demonstration
Cross Site Request Forgery (CSRF) Demonstration

Insecure Deserialization

Insecure Deserialization Vulnerability

Using Components with Known Vulnerabilities

Using Components with Known Vulnerabilities

Insufficient Logging & Monitoring

Insufficient Logging & Monitoring

Bonus Section

Unvalidated Redirects and Forwards
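For the bonus section on unvalidated redirects, an added example (not the course's material) in Python of the validation a `?next=` parameter needs before it goes into a `Location` header. It goes beyond the single off-site URL an open-redirect lab usually shows and handles the bypasses that come up in review: scheme-relative `//host`, the `/\host` form that browsers also treat as scheme-relative, `user@host` confusion, `http:///host`, non-HTTP schemes and CRLF header injection. The allow-list and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list of hosts this application may redirect to.
ALLOWED_HOSTS = {"shop.example", "account.shop.example"}


def redirect_vulnerable(next_url, default="/"):
    """Unvalidated redirect: whatever ?next= says goes straight into Location."""
    return next_url or default


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a same-site path or an http(s) URL whose host is allow-listed."""
    if not target or any(ch in target for ch in "\r\n\x00"):
        return False                                 # empty, or header injection
    try:
        parts = urlsplit(target)
    except ValueError:                               # e.g. malformed IPv6 literal
        return False
    # .hostname strips userinfo and port, so 'https://shop.example@evil.com'
    # yields 'evil.com' rather than the allow-listed name in front of the '@'.
    host = (parts.hostname or "").lower()
    if parts.scheme:
        # javascript:, data:, etc. are rejected outright. 'http:///evil.com' has
        # an empty netloc but browsers still navigate off-site, so the host must
        # be present and allow-listed whenever a scheme is given.
        return parts.scheme in ("http", "https") and host in allowed_hosts
    if parts.netloc:
        return host in allowed_hosts                 # scheme-relative '//host/...'
    # A plain path must start with exactly one slash: browsers read both '//x'
    # and '/\x' as scheme-relative URLs, so reject those forms too.
    return target.startswith("/") and not target.startswith(("//", "/\\"))


def redirect_safe(next_url, default="/", allowed_hosts=ALLOWED_HOSTS):
    """Fall back to a fixed location whenever the requested target fails validation."""
    return next_url if is_safe_redirect(next_url, allowed_hosts) else default


if __name__ == "__main__":
    for candidate in ["/account", "//evil.com/phish", "/\\evil.com",
                      "https://shop.example@evil.com/", "http:///evil.com",
                      "javascript:alert(1)", "https://shop.example/cart"]:
        print(f"{candidate!r:40} -> {redirect_safe(candidate)}")
```

Rejecting rather than "fixing" a bad target keeps the logic auditable; if the application needs to send users off-site, the cleanest pattern is an index of permitted destinations and a redirect parameter that carries the index, not the URL.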