Tech & IT
Business
Coding & Developer
Finance & Accounting
Academics
Office Applications
Art & Design
Marketing
Health & Wellness
Sounds & Music
Lifestyle
Photography
Get Unlimited Learning Access
$29
7 days left at this price!
30-Day Money-Back Guarantee
This plan includes
- Instant access to 11,000+ online courses
- Play & Pause Course Videos
HD Video Recorded Lectures- Learn on Mobile/PC/Tablet
- Quizzes and Real Projects
- Lifetime Course Certificate
- Instructor Chat Support
- Cancel Plan Anytime
Subscribe to Learnfly’s top courses
Get this course, plus 11,000+ of our top-rated courses for one year with Go Annually Plan.
7 days left at this price!
30-Day Money-Back Guarantee
This plan includes
- Instant access to 11,000+ online courses
- Play & Pause Course Videos
- HD Video Recorded Lectures
- Learn on Mobile/PC/Tablet
- Quizzes and Real Projects
- Lifetime Course Certificate
- Instructor Chat Support
- Cancel Plan Anytime
$29
What you'll learn?
- Assess Web applications insecurities
- Audit OWASP Top 10
- Perform web security audits
- Penetrate web applications
- Perform bug hunting
- Burp suite advanced
- Analysing web apps with Burp suite
- Be a Web app hacker!
Course Overview
This is highly practical and hands-on training for Web application penetration testing that covers the OWASP top 10 vulnerabilities to attack and secure.
Combining the most advanced techniques used by offensive hackers to exploit and secure.
[+] Course at a glance
- Starting with various terminologies of web technologies such as, HTTP cookies, CORS, Same-origin-policy etc and ends with multiple resourceFs.
- Once you get sufficient insights of web technologies, the second module covers the, Mapping of application for insecurities, with various tools and tricks with heavy usage of most advanced intercepting proxy "Burp Suite".
- Mostly focused over serious vulnerabilities such as SQL Injection, Cross-site scripting, Cross-site request forgery, XML External Entity (XXE) attacks, Remote command Execution, Identifying load balancers, Metasploit for web applications, Advanced phishing attacks through XSS and more..
[+] Training Methodology
Every lesson starts with Finding and hunting for vulnerability by taking the points how developers make and secure the web application at the time of development, once we have the clear path of working of development phase to security, then we hunt for application business logics to attack. This is where most penetration testers failed in their own game.
"If i need to chop down a tree in six hours, i will use four hours to sharpen my axe and rest 2 hours to cut the tree"
The same strategy has been covered in this course. we start with getting around of web applications by making analysis of application and watching the working behavior of the same.
#This course has been adapted from our work experience at gray hat security.
[+] Course materials
- Offline access to read PDF slides
- 8+ Hours of Videos lessons
- Self-paced HTML/Flash
- Access from PC, TABLETS, SMARTPHONES.
- 400+ PDF Slides
Pre-requisites
- Basic knowledge of JavaScript and HTML
Target Audience
- General security practitioners or Ethical hackers, security experts
- Penetration testers, Web administrators
- Database administrators
- Web application developers, Website designers and architects
- Ethical hackers
- Cyber security enthusiasts
- Network security enthusiasts
- Data security enthusiasts
- Web server hackers
- Exploit writers
- Secure coders
- Administrators
- Network administrators
- Bug bounty hunters
Curriculum 59 Lectures 08:36:49
-
Section 1 : BE PREPARED!
-
Section 2 : WEB APPLICATION TECHNOLOGIES 101
- Lecture 1 :
- HTTP Protocol basics
- Lecture 2 :
- Encoding Schemes
- Lecture 3 :
- Same Origin Policy - SOP
- Lecture 4 :
- HTTP Cookies
- Lecture 5 :
- Cross-Origin resource sharing - CORS
- Lecture 6 :
- Web application proxy
- Lecture 7 :
- Web application architecture - PDF
- Lecture 8 :
- HTTP State Management Mechanism - RFC6265
- Lecture 9 :
- DNSSEC- RFC_3008
- Lecture 10 :
- Domain names concepts - rfc1034
-
Section 3 : MAPPING THE APPLICATIONS
- Lecture 1 :
- Fingerprinting web servers
- Lecture 2 :
- DNS Analysis - Enumerating subdomains
- Lecture 3 :
- Metasploit for web application attacks
- Lecture 4 :
- Web technologies analysis in real time
- Lecture 5 :
- Outdated web application to server takeover
- Lecture 6 :
- BruteForcing Web applications
- Lecture 7 :
- Shodan HQ
- Lecture 8 :
- Harvesting the data
- Lecture 9 :
- Finding link of target with Maltego CE
- Lecture 10 :
- Finding target details and documents - by open source
-
Section 4 : CROSS-SITE SCRIPTING ATTACKS - XSS
- Lecture 1 :
- Cross Site Scripting - XSS - PDF
- Lecture 2 :
- Cross site scripting 101
- Lecture 3 :
- Reflected XSS
- Lecture 4 :
- Persistent XSS
- Lecture 5 :
- DOM-Based XSS
- Lecture 6 :
- Website defacement through XSS
- Lecture 7 :
- Generating XSS attack payloads
- Lecture 8 :
- XSS in PHP, ASP & JS Code review
- Lecture 9 :
- Cookie stealing through XSS
- Lecture 10 :
- Advanced XSS phishing attacks
- Lecture 11 :
- Advanced XSS with BeEF attacks
- Lecture 12 :
- Advanced XSS attacks with Burp suite
- Lecture 13 :
- Advanced Burp Intruder attacks
- Lecture 14 :
- Codes for XSS phishing, cookie stealing and GUIDES
-
Section 5 : SQL INJECTION ATTACKS - EXPLOITATIONS
- Lecture 1 :
- Introduction to SQL Injection
- Lecture 2 :
- Dangers of SQL Injections
- Lecture 3 :
- Hunting for SQL Injection vulnerabilities
- Lecture 4 :
- In-band SQL Injection attacks
- Lecture 5 :
- Blind SQL Injection attack in-action
- Lecture 6 :
- Exploiting SQL injection - SQLMap
- Lecture 7 :
- Fuzzing for SQL Injection - Burp Intruder
- Lecture 8 :
- Resources
-
Section 6 : CROSS SITE REQUEST FORGERY - XSRF
- Lecture 1 :
- CSRF or XSRF attack methods
- Lecture 2 :
- Anti-CSRF Token methods
- Lecture 3 :
- Anti-CSRF token stealing-NOT easy
- Lecture 4 :
- CSRF Prevention cheetsheet
-
Section 7 : AUTHENTICATION & AUTHORIZATION ATTACKS
- Lecture 1 :
- Simple Authentication bypass-hydra
- Lecture 2 :
- HTTP Verb Tampering
- Lecture 3 :
- HTTP parameter pollution - HPP
-
Section 8 : CLIENT SIDE SECURITY TESTING
- Lecture 1 :
- Client side control bypass
- Lecture 2 :
- Web socket-rfc6455
-
Section 9 : FILE RELATED VULNERABILITIES
- Lecture 1 :
- LFI & RFI attack
- Lecture 2 :
- Unrestricted file upload - content type
- Lecture 3 :
- Unrestricted file upload - extension
- Lecture 4 :
- Remote code execution using Shell Uploads
-
Section 10 : XML EXTERNAL ENTITY ATTACKS - XXE
- Lecture 1 :
- XML Documents & database
- Lecture 2 :
- XXE attacks in action
-
Section 11 : EXTERNAL RESOURCES FOR WEBSITE AUDITING AND OTHERS
- Lecture 1 :
- RESOURCES
Our learners work at
Frequently Asked Questions
-
How do i access the course after purchase?
It's simple. When you sign up, you'll immediately have unlimited viewing of thousands of expert courses, paths to guide your learning, tools to measure your skills and hands-on resources like exercise files. There’s no limit on what you can learn and you can cancel at any time. -
Are these video based online self-learning courses?
Yes. All of the courses comes with online video based lectures created by certified instructors. Instructors have crafted these courses with a blend of high quality interactive videos, lectures, quizzes & real world projects to give you an indepth knowledge about the topic. -
Can i play & pause the course as per my convenience?
Yes absolutely & thats one of the advantage of self-paced courses. You can anytime pause or resume the course & come back & forth from one lecture to another lecture, play the videos mulitple times & so on. -
How do i contact the instructor for any doubts or questions?
Most of these courses have general questions & answers already covered within the course lectures. However, if you need any further help from the instructor, you can use the inbuilt Chat with Instructor option to send a message to an instructor & they will reply you within 24 hours. You can ask as many questions as you want. -
Do i need a pc to access the course or can i do it on mobile & tablet as well?
Brilliant question? Isn't it? You can access the courses on any device like PC, Mobile, Tablet & even on a smart tv. For mobile & a tablet you can download the Learnfly android or an iOS app. If mobile app is not available in your country, you can access the course directly by visting our website, its fully mobile friendly. -
Do i get any certificate for the courses?
Yes. Once you complete any course on our platform along with provided assessments by the instructor, you will be eligble to get certificate of course completion.
-
For how long can i access my course on the platform?
You require an active subscription to access courses on our platform. If your subscription is active, you can access any course on our platform with no restrictions. -
Is there any free trial?
Currently, we do not offer any free trial. -
Can i cancel anytime?
Yes, you can cancel your subscription at any time. Your subscription will auto-renew until you cancel, but why would you want to?
Instructor
146761 Course Views
2 Courses
Security Analyst | IT AUDITOR | Cyber laws expert | Author | Public speaker | CISSP
Having more than 10 years of working experience in the information security field.
Have trained more than 60k students on the topic of Information security & penetration testing in classroom mode and online across 168 countries. with expertise in web application penetration testing, i have performed several penetration tests and security audits, security analysis with private, governments and security agencies to help assist with to cope with cyber threats.
View More...
