Unit 01: Introduction
About The Course | 00:03:00

Unit 02: BE PREPARED
Web Attack Simulation Lab | 00:12:00

Unit 03: WEB APPLICATION TECHNOLOGIES
Web application technologies 101 – PDF | 01:34:00
HTTP Protocol Basics | 00:11:00
Encoding Schemes | 00:13:00
Same Origin Policy – SOP | 00:06:00
HTTP Cookies | 00:11:00
Cross-origin resource sharing | 00:05:00
Web application proxy – Burp suite | 00:09:00

Unit 04: INFORMATION GATHERING - MAPPING THE APPLICATIONS
Fingerprinting web server | 00:05:00
DNS Analysis – Enumerating subdomains | 00:04:00
Metasploit for web application attacks | 00:12:00
Web technologies analysis in real time | 00:03:00
Outdated web application to server takeover | 00:08:00
BruteForcing Web applications | 00:06:00
Shodan HQ | 00:07:00
Harvesting the data | 00:05:00
Finding link of target with Maltego CE | 00:09:00

Unit 05: CROSS-SITE SCRIPTING ATTACKS – XSS
Cross Site Scripting – XSS – PDF | 01:08:00
Cross site scripting | 00:07:00
Reflected XSS | 00:14:00
Persistent XSS | 00:11:00
DOM-based XSS | 00:10:00
Website defacement through XSS | 00:09:00
XML Documents & database | 00:14:00
Generating XSS attack payloads | 00:13:00
XSS in PHP, ASP & JS Code review | 00:13:00
Cookie stealing through XSS | 00:12:00
Advanced XSS phishing attacks | 00:08:00
Advanced XSS with BeEF attacks | 00:10:00
Advanced XSS attacks with Burp suite | 00:08:00
Code Review Guide | 06:20:00

Unit 06: SQL INJECTION ATTACKS – EXPLOITATIONS
SQL Injection attacks – PDF | 01:30:00
Introduction to SQL Injection | 00:16:00
Dangers of SQL Injection | 00:05:00
Hunting for SQL Injection vulnerabilities | 00:20:00
In-band SQL Injection attacks | 00:27:00
Blind SQL Injection attack in-action | 00:10:00
Exploiting SQL injection – SQLMap | 00:09:00
Fuzzing for SQL Injection – Burp Intruder | 00:14:00

Unit 07: CROSS SITE REQUEST FORGERY – XSRF
CSRF or XSRF attack methods | 00:12:00
Anti-CSRF Token methods | 00:15:00
Anti-CSRF token stealing – NOT easy | 00:11:00

Unit 08: AUTHENTICATION & AUTHORIZATION ATTACKS
Authentication bypass – hydra | 00:11:00
HTTP Verb Tampering | 00:09:00
HTTP parameter pollution – HPP | 00:06:00
Authentication | 00:10:00

Unit 09: CLIENT SIDE SECURITY TESTING
Client side control bypass | 00:10:00

Unit 10: FILE RELATED VULNERABILITIES
LFI & RFI attacks | 00:13:00
Unrestricted file upload – content type | 00:06:00
Unrestricted File Upload – Extension Type | 00:06:00
Remote code execution using Shell Uploads | 00:09:00

Unit 11: XML EXTERNAL ENTITY ATTACKS – XXE
XML Documents & database | 00:14:00
XXE attacks in action | 00:14:00

Resources
Advance intruder attack types | 00:23:00
Finding details with open source | 00:17:00

Assignment
Assignment – Web Application Penetration Testing Course | 00:00:00