Oreilly - Complete Ethical Hacking and Penetration Testing for Web Apps
by Abhilash Nelson | Publisher: Packt Publishing | Release Date: March 2019 | ISBN: 9781838825423
Learn the OWASP Top 10 vulnerability categories and the defenses and fixes for them, covering all the popular hacking types.

About This Video

You will learn to build a good security application, or guide the developer to build a good application which is almost secure. You will learn to test a web application or test a cloud-based application.

In Detail

In this course, we will be concentrating mainly on how penetration testing can be done on web-based applications. It can also be used for mobile-based applications, because most mobile-based applications communicate with a cloud-based API: the security of this API is actually the security of the mobile application which is using it. By the end of this course, you will have complete knowledge about ethical hacking and penetration testing, and you are going to have a really thrilling experience doing it. So, see you soon in the classroom.
- Chapter 1 : Quick Overview of the Course
- Quick Overview of the Course 00:06:28
- Chapter 2 : Lab Setup 1: Install WAMP
- Install WAMP, the Apache, PHP and MySQL stack for hosting the demo web server 00:04:07
- Chapter 3 : Lab Setup 2: Install Mutillidae
- Install Mutillidae II, a free, open source, deliberately vulnerable web-app 00:03:49
- Chapter 4 : Lab Setup 3: Install Burp Suite
- Introduction - Implement CICD Pipelines With Jenkins DSL 00:07:38
- Chapter 5 : SQL Injection - Attack and Defenses
- Install Burp Suite - An integrated platform for security testing of web Sites 00:09:43
- Chapter 6 : OS Command Injection - Attack and Defenses
- OS Command Injection - Hacking Techniques and Defenses 00:07:25
- Chapter 7 : JSON Injection Attack using Reflected XSS Technique and Defense Measures
- JSON Injection Attack using Reflected XSS Technique and Defense Measures 00:11:40
- Chapter 8 : Cookie Manipulation Attack and Defenses
- Cookie Manipulation Attack and Defense Tips 00:11:08
- Chapter 9 : Username Enumeration Attack - Part 1 & 2
- Username Enumeration Attack - Part 1 00:07:06
- Username Enumeration Attack and Defense Tips - Part 2 00:07:06
- Chapter 10 : Brute Force Attack Technique and Defenses
- Brute Force Attack Technique and Defenses 00:11:49
- Chapter 11 : Cross Site Scripting (Reflected XSS using HTML Context)
- Cross Site Scripting (Reflected XSS using HTML Context) 00:08:15
- Chapter 12 : Cross Site Scripting (Reflected XSS using JavaScript)
- Cross Site Scripting (Reflected XSS using JavaScript) 00:10:40
- Chapter 13 : Storage Cross Site Scripting Attack - XSS Defenses
- Storage Cross Site Scripting Attack - XSS Defenses 00:11:02
- Chapter 14 : Insecure Direct Object Reference - IDOR and Defense using File Tokens
- Insecure Direct Object Reference - IDOR and Defense using File Tokens 00:08:06
- Chapter 15 : Insecure Direct Object Reference - IDOR and Defense using URL Tokens
- Insecure Direct Object Reference - IDOR and Defense using URL Tokens 00:05:04
- Chapter 16 : Directory Browsing / Traversal Threat Demonstration
- Directory Browsing / Traversal Threat Demonstration 00:05:32
- Chapter 17 : XXE - XML External Entity Attack
- XXE - XML External Entity Attack Demonstration 00:05:55
- Chapter 18 : User Agent Manipulation or Spoofing Attack
- User Agent Manipulation or Spoofing Attack 00:08:02
- Chapter 19 : Security Misconfiguration Attack Defenses (DIR Browsing, XXE, User Agent)
- Security Misconfiguration Attack Defenses (DIR Browsing, XXE, User Agent) 00:04:34
- Chapter 20 : Sensitive Data Exposure Vulnerability (HTML/CSS/JS Comments)
- Sensitive Data Exposure Vulnerability (via HTML/CSS/JS Comments) 00:04:29
- Chapter 21 : Hidden / Secret URL Vulnerability and Defenses
- Hidden / Secret URL Vulnerability and Defenses 00:10:18
- Chapter 22 : HTML 5 Web Storage Vulnerability and Defenses
- HTML 5 Web Storage Vulnerability and Defenses 00:08:44
- Chapter 23 : Role Based Access Vulnerability and Defense
- Role Based Access Vulnerability and Defense 00:05:08
- Chapter 24 : CSRF - Cross Site Request Forgery Attack
- CSRF - Cross Site Request Forgery Attack - Part 1 00:08:37
- CSRF - Cross Site Request Forgery Attack & Defenses - Part 2 00:04:21
- Chapter 25 : Entropy Analysis for CSRF Token
- Entropy Analysis for CSRF Token 00:11:34
- Chapter 26 : CVSS - Common Vulnerability Scoring System
- CVSS - Common Vulnerability Scoring System 00:05:57
- Chapter 27 : Unvalidated URL Redirect Attack and Prevention code sample
- Unvalidated URL Redirect Attack and Prevention code sample 00:07:07