Authorization Intro | ÆTHER SECURITY LAB

Autoplay
Autocomplete

Previous Lesson Complete and Continue

Web Hacking: Become a Web Pentester

Warm Up

Intro (3:33)
Disclaimer (1:34)
Methodology (4:51)

Environment Setup

In This Section (1:25)
Download everything you need
Setting up the Target (8:56)
Setting up Kali (14:37)
Setting up Burp (9:03)

Web 101

In This Section (0:40)
How HTTP Works (12:36)
Static HTML (10:18)
PHP and Friends (14:25)
Modern MVC Frameworks (30:00)
JavaScript (14:40)

Application Discovery

Manual Discovery (16:51)
Automated Discovery (11:46)

Attacks the Session Management

Session Management Intro (13:33)
Session Fixation Attack (11:10)
Weak Logout (4:40)
Same Origin Policy (7:05)
Cross-Site Request Forgery (19:58)
Mitigations (5:22)

Attacking the Authentication

SSL/TLS (19:58)
Authentication Bypass (7:53)
Unauthenticated URL Access (6:07)
Password Quality (3:28)
Password Bruteforce (8:01)
Default Accounts (2:37)
Password Recovery (4:48)
Mitigations (3:28)

Attacking the Authorization

Authorization Intro (4:53)
Manipulating Variables (5:15)
Client Side Authorization (4:26)
Mitigations (2:23)

Attacking the Client

Reflected XSS (18:00)
Stored XSS (10:30)
HTTP Header Injection (10:54)
Malicious URL Redirect (14:04)
Wrong Content Type (8:29)
Mitigations (4:09)

Attacking the Server

Malicious File Upload (14:23)
LFI & RFI (14:21)
OS Command Injection (13:35)
SQL Injection (17:51)
UNION Select Attack (12:51)
Blind SQL Injection (13:52)
Automating SQL Injection Attacks (12:04)
Mitigations (4:07)

The Rest

Reporting (5:38)
Assessment Checklist (4:33)
Assessment Checklist Download
What"s next (7:30)

Teach online with

Authorization Intro

Lesson content locked

If you're already enrolled, you'll need to login.

Enroll in Course to Unlock