Learn the main aspects of ethical web hacking and penetration testing, and how to prevent vulnerabilities, with this course
What Will I Learn?
Set up a virtual environment to practice without affecting main systems
Install Kali Linux – a penetration testing Debian distro
Install a virtual system that hosts vulnerable web applications
Basic terms, standards, services, protocols and technologies
HTTP protocol, requests and responses
HTTPS, TLS/SSL
Intercepting HTTP traffic using a personal proxy
Gather sensitive information from websites
Find known vulnerabilities using a vulnerability database
Find known vulnerabilities using search engines
Google Hacking Database (GHDB)
Discover unpublished directories and files associated with a target website
Input and output manipulation
Input and output validation approaches
Discover and exploit reflected XSS vulnerabilities
Discover and exploit stored XSS vulnerabilities
Discover DOM-based XSS vulnerabilities
Prevent XSS vulnerabilities
Discover and exploit SQL injection vulnerabilities, and prevent them
Bypass login mechanisms using SQL injections and log in to a website without a password
Find more in a database using SQL injection vulnerabilities: databases, tables and sensitive data such as passwords
Discover & exploit blind SQL injections
Prevent SQL injections
Authentication methods and strategies
Bypass authentication mechanisms
Find unknown usernames and passwords: brute force & dictionary attacks
Launch a dictionary attack
Access unauthorized processes
Escalate privileges
Access sensitive data using a path traversal attack
Session management mechanism
Impersonate a victim with a session fixation attack
Discover and exploit CSRF (Cross Site Request Forgery)
Requirements
You should be familiar with websites and general technology
You should have basic computer experience and knowledge