Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Web Application Penetration Testing
Course Introduction
Introduction (1:05)
Introduction
Web Application Architecture (3:12)
HTTP Requests & Responses (6:40)
A word about OWASP TOP 10 (1:27)
Lab Setup
Lab Downloads
Overview of the Lab setup (3:13)
Verifying the lab setup (2:39)
SSH into BookShelf Server (0:38)
Overview of BookShelf custom Vulnerable Application (3:56)
SQL Injection
Introduction to SQL Injection (3:01)
Authentication Bypass using SQLi - Payload 1 (3:24)
Authentication Bypass using SQLi - Payload 2 (1:44)
Exploiting SQL Injection, manual way - Part 1 (1:35)
Exploiting SQL Injection, manual way - Part 2 (17:55)
A word about Blind SQLi and Introduction to SQLMap (7:59)
Exploiting SQL Injection using SQLMap (4:41)
SQL Injection Prevention (3:00)
Same Origin Policy
An introduction to Same Origin Policy (5:54)
Cross Site Scripting
Introduction (2:32)
Types of XSS (4:54)
Testing for Reflected XSS (5:18)
Testing for Stored XSS (2:17)
Testing for DOM XSS (6:46)
XSS Example 1 in BookShelf Application (1:18)
XSS Example 2 in BookShelf Application (2:03)
Exploiting XSS - Cookie Stealing (7:23)
Cross Site Request Forgery (CSRF)
Understanding and exploiting CSRF (14:03)
CSRF payload using POST (5:03)
XML Vulnerabilities
XPATH Injection (4:12)
Preventing XPATH Injection (1:12)
Introduction to XML Entities (2:28)
Exploiting XXE (8:01)
A Quick XXE Tip (0:47)
Blind XXE and SSRF (5:31)
Exploiting Blind XXE (14:18)
Preventing XXE (1:07)
Access Control Issues
Lack of Access Controls (5:02)
Implementing Role Based Access Controls (2:02)
File Upload Vulnerabilities
Abusing file uploads (8:18)
Preventing file upload vulnerabilities (2:09)
Platform Misconfigurations
Introduction (0:45)
Exploiting CVE-2017-5638 (5:26)
Exploiting misconfigured tomcat (7:23)
Improper Error Handling
Examples of improper error handling (8:44)
Preventing improper error handling (1:10)
Java Deserialization
Introduction to Java Deserialization (4:28)
The vulnerable application (3:04)
Identifying the use of java serialization - Black Box Approach (4:08)
Identifying the use of java serialization - White Box Approach (4:23)
Identifying the use of java serialization - summary (0:53)
Custom Java Deserialization Exploitation leading to XSS (10:32)
Exploiting Java Deserialization using ysoserial (18:58)
Java Deserialization PoC using URLDNS (4:00)
Java Deserialization Prevention (0:53)
Broken Cryptography
Introduction (3:19)
Encoding vs Encryption vs Hashing (2:23)
How Crypto is used in Applications (3:21)
Password Cracking using hash identifier & John The Ripper (8:13)
Improper Crypto usage - Case Study (4:37)
Automated Vulnerability Scanning
Introduction (0:50)
Unauthenticated Scans using ZAP (5:59)
Authenticated Scans using ZAP (6:05)
Can automated scanners discover all vulnerabilities? (2:52)
Teach online with
How Crypto is used in Applications
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock