Ending In:
Certification Included
access
lifetime
content
5.5 Hours
enrolled
312
Description
If you're looking to build a career in security, there's no better place to focus your efforts than penetration testing. By understanding the vulnerabilities and dangers presented by your network's structure, you'll learn how to remedy these gaps and save your company from major security breaches.- Master ethical hacking techniques used in penetration systems w/ 22 lectures & 5.5 hours of content
- Learn the basic methods for penetration testing of a web application
- Go step-by-step through the entire penetration testing process
- Control remote servers
- Practice finding vulnerabilities in apps
- Learn to gain information on potential targets
- Study various attack types: authentication, session management, access controls, data stores, etc.
Instructor
Gabriel Avramescu is a Senior Information Security Consultant and IT Trainer. He works on an Internet security team focused on ethical hacking - deliberately and purposefully challenging the IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary.Important Details
- Length of time users can access this course: lifetime
- Access options: web streaming, mobile streaming
- Certification of completion not included
- Redemption deadline: redeem your code within 30 days of purchase
- Experience level required: beginner, but some basic IT skills and knowledge of Linux and/or Windows is suggested
Requirements
- Internet required
Terms
- Unredeemed licenses can be returned for store credit within 30 days of purchase. Once your license is redeemed, all sales are final.
Course Outline
- Why Web Security?
- Introduction
- Core Problems - Why Web Security
- Web Technologies
- Preparing the Lab Environment
- Mapping the Web Application. User and Password Brute-Forcing
- What Web Application Mapping Means
- Usernames and Passwords Brute-Forcing using Burp
- Spider and Analyze a Website using Burp
- Brute-frocing Web Resources using Dirb and Dirbuster
- Attacking Authentication and Session Management - Session Hijacking
- Theoretical Overview of Attacking Authentication and Session Management
- Session Hijacking trough Man In The Middle Attack
- Intercept and access traffic over HTTPS. Get Facebook or Gmail Passwords
- Access controls. Data stores and Client-side Controls
- Theoretical Approach of Attacking Access Controls
- SQL injection
- Exploiting SQLi using Sqlmap and Getting Remote Shell
- Upload and Remote File Execution
- Attacking the Server and Application Logic
- Attacking the server: OS Command injection, Path Traversal and Mail Injection
- Attacking Application Logic
- (XSS) Cross Site Scripting. Attacking the Users
- Cross Site Scripting Theory. Attacking Users
- Reflected XSS – Session Hijacking using Cross Site Scripting
- Stored or Persistent Cross Site Scripting
- Cross-site Request Forgery (CSRF)
- Guideline for Discovering and Improving Application Security
- Guideline for Discovering and Improving Application Security
access
lifetime
content
5.5 Hours
enrolled
312