This course was created with the
course builder. Create your online course today.
Start now
Create your course
with
Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Web application penetration testing professional - WAPTP v3.1 (With Certification)
INTRODUCTION
About course (2:47)
BE PREPARED
Web attack simulation Lab (11:38)
WEB APPLICATION TECHNOLOGIES 101
Web application technologies 101 - PDF
HTTP Protocol Basics (10:48)
Encoding Schemes (13:07)
Same Origin Policy - SOP (6:18)
HTTP Cookies (10:59)
Cross-origin resource sharing (4:53)
Web application proxy - Burp suite (9:10)
Web application architecture - PDF
HTTP State Management Mechanism - RFC6265
DNSSEC- RFC_3008
Domain names concepts - rfc1034
INFORMATION GATHERING - MAPPING THE APPLICATIONS
Fingerprinting web server (5:25)
DNS Analysis - Enumerating subdomains (3:53)
Metasploit for web application attacks (12:06)
Identifying Load Balancers
Web technologies analysis in real time (2:45)
Outdated web application to server takeover (7:35)
BruteForcing Web applications (5:57)
Shodan HQ (7:11)
Harvesting the data (5:02)
Finding link of target with Maltego CE (8:41)
Finding target details and documents - by open source (16:07)
CROSS-SITE SCRIPTING ATTACKS - XSS
Cross Site Scripting- XSS - PDF
Cross site scripting 101 (7:26)
Reflected XSS (13:43)
Persistent XSS (11:05)
DOM-based XSS (10:09)
Website defacement through XSS (9:22)
Generating XSS attack payloads (12:46)
XSS in PHP, ASP & JS Code review (13:23)
Cookie stealing through XSS (12:23)
Advanced XSS phishing attacks (7:37)
Advanced XSS with BeEF attacks (9:34)
Advanced XSS attacks with Burp suite (8:20)
Codes for XSS phishing, cookie stealing
SQL INJECTION ATTACKS - EXPLOITATIONS
SQL Injection attacks - PDF
Introduction to SQL Injection (16:20)
Dangers of SQL Injection (4:47)
Hunting for SQL Injection vulnerabilities (19:53)
In-band SQL Injection attacks (26:32)
Blind SQL Injection attack in-action (9:44)
Exploiting SQL injection - SQLMap (8:46)
Fuzzing for SQL Injection - Burp Intruder (13:41)
Druppageddon attack -Resources
CROSS SITE REQUEST FORGERY - XSRF
CSRF or XSRF attack methods (12:21)
Anti-CSRF Token methods (15:19)
Anti-CSRF token stealing-NOT easy (11:18)
CSRF Prevention
AUTHENTICATION & AUTHORIZATION ATTACKS
Authentication bypass-hydra (11:02)
HTTP Verb Tampering (8:49)
HTTP parameter pollution - HPP (6:01)
Authentication Cheet sheet - OWASP
CLIENT SIDE SECURITY TESTING
Client side control bypass (9:36)
Click-jacking attack (10:42)
Web socket-rfc6455
Cross window messeging - Resource
FILE RELATED VULNERABILITIES
LFI & RFI attacks (12:41)
Unrestricted file upload - content type (6:29)
Unrestricted file upload - exetension type (5:30)
Remote code execution using Shell Uploads (9:14)
XML EXTERNAL ENTITY ATTACKS - XXE
XML Documents & database (13:38)
XXE attacks in action (13:52)
Out-of-band XXE - Resource
EXTERNAL RESOURCES FOR WEBSITE AUDITING
Website auditing - Wordpress
Defence-In-Defth applied to web applications
Q&A
Reflected XSS
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock