The content presented here is sourced directly from the Udemy platform.
Updated on September 27th, 2023
What does this course tell?
(Please note that the following overview content is from the original platform.) This is highly practical and hands-on training for Web application penetration testing that covers the OWASP top 10 vulnerabilities to attack and secure. Combining the most advanced techniques used by offensive hackers to exploit and secure ...
We considered the value of this course from many aspects, and finally summarized it for you from two aspects: skills and knowledge, and the people who benefit from it:
What skills and knowledge will you acquire during this course?
During this course on Web application Penetration testing & Security, the learner will acquire the following skills and knowledge:
1. Understanding of web technologies: The course starts by covering web technology terminology such as HTTP, cookies, CORS, and the same-origin policy. This provides a foundation for understanding the vulnerabilities and security measures.
2. Mapping application for insecurities: The second module focuses on using various tools and tricks to identify vulnerabilities in web applications. The course heavily utilizes the advanced intercepting proxy tool "Burp Suite" for this purpose.
3. Exploiting serious vulnerabilities: The course specifically targets serious vulnerabilities such as SQL Injection, Cross-site scripting, Cross-site request forgery, XML External Entity (XXE) attacks, and Remote Command Execution, and also covers identifying load balancers. The learner will gain hands-on experience in exploiting these vulnerabilities.
4. Metasploit for web applications: The course covers the usage of Metasploit, a popular penetration testing framework, specifically for web applications. The learner will learn how to leverage Metasploit for advanced attacks and exploitation.
5. Advanced phishing attacks through XSS: The course delves into advanced phishing attacks using Cross-site scripting (XSS). The learner will understand the techniques used by attackers to trick users into revealing sensitive information.
6. Training methodology: The course follows a practical and hands-on approach. Each lesson starts with finding and hunting for vulnerabilities and with understanding how developers make and secure web applications. The learner will gain insights into the development phase and its impact on security.
7. Course materials: The course provides offline access to PDF slides for reading, along with over 8 hours of video lessons. The materials are self-paced and accessible from various devices such as PCs, tablets, and smartphones. There are over 400 PDF slides available for reference.
Who will benefit from this course?
This course on Web application Penetration testing & Security will benefit individuals who are interested in or working in the field of cybersecurity, specifically in web application security.
Professionals such as penetration testers, ethical hackers, security analysts, and web developers will find this course valuable. It provides highly practical and hands-on training on web application penetration testing, covering the OWASP top 10 vulnerabilities.
The course starts by explaining web technology terminology and then moves on to mapping application insecurities using tools like "Burp Suite," which is widely used by offensive hackers. It focuses on serious vulnerabilities such as SQL Injection, Cross-site scripting, Cross-site request forgery, XML External Entity (XXE) attacks, and Remote Command Execution.
The training methodology of this course is designed to help learners understand how developers make and secure web applications during the development phase. By gaining insights into the development process, learners can effectively hunt for vulnerabilities and attack application business logic.
The course materials include offline access to PDF slides, over 8 hours of video lessons, self-paced HTML & Flash content, and access from various devices such as PCs, tablets, and smartphones.
Course Syllabus
BE PREPARED!
WEB APPLICATION TECHNOLOGIES 101
MAPPING THE APPLICATIONS
CROSS-SITE SCRIPTING ATTACKS - XSS
SQL INJECTION ATTACKS - EXPLOITATIONS
CROSS SITE REQUEST FORGERY - XSRF
AUTHENTICATION & AUTHORIZATION ATTACKS
CLIENT SIDE SECURITY TESTING
FILE RELATED VULNERABILITIES
XML EXTERNAL ENTITY ATTACKS - XXE
EXTERNAL RESOURCES FOR WEBSITE AUDITING