Web Application Penetration Testing
Course Introduction
Introduction (1:05)
Introduction
Web Application Architecture (3:12)
HTTP Requests & Responses (6:40)
A word about OWASP TOP 10 (1:27)
Lab Setup
Lab Downloads
Overview of the Lab setup (3:13)
Verifying the lab setup (2:39)
SSH into BookShelf Server (0:38)
Overview of BookShelf custom Vulnerable Application (3:56)
SQL Injection
Introduction to SQL Injection (3:01)
Authentication Bypass using SQLi - Payload 1 (3:24)
Authentication Bypass using SQLi - Payload 2 (1:44)
Exploiting SQL Injection, manual way - Part 1 (1:35)
Exploiting SQL Injection, manual way - Part 2 (17:55)
A word about Blind SQLi and Introduction to SQLMap (7:59)
Exploiting SQL Injection using SQLMap (4:41)
SQL Injection Prevention (3:00)
Same Origin Policy
An introduction to Same Origin Policy (5:54)
Cross Site Scripting
Introduction (2:32)
Types of XSS (4:54)
Testing for Reflected XSS (5:18)
Testing for Stored XSS (2:17)
Testing for DOM XSS (6:46)
XSS Example 1 in BookShelf Application (1:18)
XSS Example 2 in BookShelf Application (2:03)
Exploiting XSS - Cookie Stealing (7:23)
Cross Site Request Forgery (CSRF)
Understanding and exploiting CSRF (14:03)
CSRF payload using POST (5:03)
XML Vulnerabilities
XPATH Injection (4:12)
Preventing XPATH Injection (1:12)
Introduction to XML Entities (2:28)
Exploiting XXE (8:01)
A Quick XXE Tip (0:47)
Blind XXE and SSRF (5:31)
Exploiting Blind XXE (14:18)
Preventing XXE (1:07)
Access Control Issues
Lack of Access Controls (5:02)
Implementing Role Based Access Controls (2:02)
File Upload Vulnerabilities
Abusing file uploads (8:18)
Preventing file upload vulnerabilities (2:09)
Platform Misconfigurations
Introduction (0:45)
Exploiting CVE-2017-5638 (5:26)
Exploiting misconfigured Tomcat (7:23)
Improper Error Handling
Examples of improper error handling (8:44)
Preventing improper error handling (1:10)
Java Deserialization
Introduction to Java Deserialization (4:28)
The vulnerable application (3:04)
Identifying the use of java serialization - Black Box Approach (4:08)
Identifying the use of java serialization - White Box Approach (4:23)
Identifying the use of java serialization - summary (0:53)
Custom Java Deserialization Exploitation leading to XSS (10:32)
Exploiting Java Deserialization using ysoserial (18:58)
Java Deserialization PoC using URLDNS (4:00)
Java Deserialization Prevention (0:53)
Broken Cryptography
Introduction (3:19)
Encoding vs Encryption vs Hashing (2:23)
How Crypto is used in Applications (3:21)
Password Cracking using hash identifier & John The Ripper (8:13)
Improper Crypto usage - Case Study (4:37)
Automated Vulnerability Scanning
Introduction (0:50)
Unauthenticated Scans using ZAP (5:59)
Authenticated Scans using ZAP (6:05)
Can automated scanners discover all vulnerabilities? (2:52)