Web App Penetration Testing

Become a bug bounty hunter! Learn to hack websites, fix vulnerabilities, and improve web security online for clients.

Ratings: 3.37 / 5.00




Description

This course is for Absolute Beginners to Expert levels and Freshers out of College who want to start career with Web Security.


This course is for Absolute Beginners to Expert levels. A variety of applications with known Web Security vulnerabilities and Web App Penetration Testing.


  1. Setting up a web app pentesting lab

  2. Burp Suite

  3. Testing for account enumeration and guessable accounts

  4. Weak lock-out mechanisms

  5. Testing for bypassing authentication schemes

  6. Browser cache weaknesses

  7. Testing the account provisioning process via REST API

  8. Testing for directory traversal

  9. Local File Include (LFI)

  10. Remote File Include (RFI)

  11. Testing for privilege escalation

  12. IDOR

  13. Testing session token strength using Sequencer

  14. Testing for cookie attributes

  15. Testing for session fixation

  16. Exposed session variables

  17. Cross-Site Request Forgery

  18. Testing business logic data validation

  19. Unrestricted file upload – bypassing weak validation

  20. Performing process-timing attacks

  21. Testing for the circumvention of workflows

  22. Uploading malicious files – polyglots

  23. Reflected cross-site scripting

  24. Stored cross-site scripting

  25. Testing for HTTP verb tampering

  26. HTTP Parameter Pollution

  27. Testing for SQL injection

  28. Command injection


Web App Penetration Testing - Home LAB.


1 - How To Setup A Virtual Penetration Testing Lab

2 - Listening for HTTP traffic, using Burp

3 - Getting to Know the Burp Suite of Tools, Know the Burp Suite

4 - Assessing Authentication Schemes

5 - Assessing Authorization Checks

6 - Assessing Session Management Mechanisms

7 - Assessing Business Logic

8 - Evaluating Input Validation Checks


Above mentioned points will cover in this course which is help you to find Web Security Vulnerabilities and Web App Penetration testing

What You Will Learn!

  • Setting up a web app pentesting lab
  • Burp Suite
  • Account enumeration and guessable accounts
  • weak lock-out mechanisms
  • Bypassing authentication schemes
  • Browser cache weaknesses
  • Account provisioning process via REST API
  • Directory traversal - LFI, RFI
  • Privilege escalation & IDOR
  • Session token strength using Sequencer
  • Cookie attributes
  • Session fixation
  • Exposed session variables & CSRF
  • Business logic data validation
  • Unrestricted file upload – bypassing weak validation
  • Performing process-timing attacks
  • Testing for the circumvention of workflows
  • Uploading malicious files – polyglots
  • Reflected cross-site scripting & Stored cross-site scripting
  • HTTP verb tampering & HTTP Parameter Pollution
  • SQL injection
  • Command injection

Who Should Attend!

  • Penetration Testing
  • Web App Penetration Testing
  • Web Securtiy
  • Ethical Hacking
  • Bug Hunter
  • Bug Bounty
  • Web Pentesting Lab