Gabriel Avramescu - Web Penetration Tester - Jump Up A Level in Your Career
Why Web Security?
Introduction (1:14)
Core Problems - Why Web Security (7:33)
Web Technologies
Preparing the Lab Environment (8:31)
Join Our Online Classroom!
Mapping the Web Application. User and Password Brute-Forcing
What Web Application Mapping Means
Usernames and Passwords Brute-Forcing using Burp (14:54)
Spider and Analyze a Website using Burp (5:27)
Brute-forcing Web Resources using Dirb and Dirbuster (10:38)
Attacking Authentication and Session Management - Session Hijacking
Theoretical Overview of Attacking Authentication and Session Management
Session Hijacking through Man In The Middle Attack (11:05)
Intercept and access traffic over HTTPS. Get Facebook or Gmail Passwords (8:56)
Access controls. Data stores and Client-side Controls
Theoretical Approach of Attacking Access Controls
SQL injection (9:09)
Exploiting SQLi using Sqlmap and Getting Remote Shell (10:07)
Upload and Remote File Execution (10:43)
Attacking the Server and Application Logic
Attacking the server: OS Command injection, Path Traversal and Mail Injection
Attacking Application Logic
(XSS) Cross Site Scripting. Attacking the Users
Cross Site Scripting Theory. Attacking Users
Reflected XSS – Session Hijacking using Cross Site Scripting (10:29)
Stored or Persistent Cross Site Scripting (6:59)
Cross-site Request Forgery (CSRF) (7:19)
Guideline for Discovering and Improving Application Security
Guideline for Discovering and Improving Application Security
Overview of a WordPress attack
Lab Setup (2:48)
Overview of a WordPress attack (10:26)
Exploit Vulnerable WordPress Plugin (9:18)
Upload a backdoor (7:36)
Sending spam (17:20)
Intercept and access traffic over HTTPS. Get Facebook or Gmail Passwords