Ethical Hacking with JavaScript
Master Advanced Techniques for Using JavaScript for Ethical Hacking and Web Application Testing
Description
You've found a XSS vulnerability....but now what?
Has a client ever wanted you to demonstrate the danger of a vulnerability you found for them?
If so, then you need to Learn Ethical Hacking with JavaScript! After this course, you will be able to exploit web security vulnerabilities by using a variety of skills and techniques centered on JavaScript.
After a quick review of some common web application flaws, we'll jump right into using JavaScript as an offensive weapon against the application and clients.
Each topic is presented from the perspective of requiring the pentester to demonstrate how a vulnerability can be exploited and the potential impact of not taking corrective action. The course provides a balanced mix of theory, code, and live demonstrations of each exploit in action.
Learn to tamper with site content - altering the page, forms, links, and functionality. Then take it to the next level by abusing HTML forms to capture additional data on form submission, sending that data to a server you control.
See how to disclose the contents of user cookies, then quickly move to stealing the cookies and sending them to another server. Learn to steal credentials and abuse application authentication.
Further compromise users by capturing mouse interactions and implementing a custom key logger. Learn to abuse knowledge-based authentication schemes such as the secret question/answer approach for account resets.
Progress to more advanced techniques where you learn to chain together multiple attacks aimed at exploiting several application vulnerabilities simultaneously. Areas covered here include creating fraudulent forum posts, spear phishing campaigns, and using command injection to access a web server's operating system.
And we'll wrap the course up with some defensive techniques you can use to prevent the types of attacks we've been launching at web applications.
All Ethical Hacking! All done with JavaScript!
What You Will Learn!
- Ethical Hacking techniques based on JavaScript
- Exploiting XSS flaws to inject custom JavaScript
- Tamper with page content, links, forms, and cookies
- Advanced attacks using key loggers and mouse capture
- Use JavaScript to support Spear Phishing efforts
- Combine exploits to retrieve the passwd file
- Learn to use JavaScript to trigger Command Injection attacks against the operating system
- Find out how to move from reflected XXS attacks to employing XSS at scale with persisted attacks
- Exploit account recovery features of an application to collect user secret questions and answers
Who Should Attend!
- All Levels