Web Hacking: Become a Web Pentester
Warm Up
Intro (3:33)
Disclaimer (1:34)
Methodology (4:51)
Environment Setup
In This Section (1:25)
Download everything you need
Setting up the Target (8:56)
Setting up Kali (14:37)
Setting up Burp (9:03)
Web 101
In This Section (0:40)
How HTTP Works (12:36)
Static HTML (10:18)
PHP and Friends (14:25)
Modern MVC Frameworks (30:00)
JavaScript (14:40)
Application Discovery
Manual Discovery (16:51)
Automated Discovery (11:46)
Attacking the Session Management
Session Management Intro (13:33)
Session Fixation Attack (11:10)
Weak Logout (4:40)
Same Origin Policy (7:05)
Cross-Site Request Forgery (19:58)
Mitigations (5:22)
Attacking the Authentication
SSL/TLS (19:58)
Authentication Bypass (7:53)
Unauthenticated URL Access (6:07)
Password Quality (3:28)
Password Bruteforce (8:01)
Default Accounts (2:37)
Password Recovery (4:48)
Mitigations (3:28)
Attacking the Authorization
Authorization Intro (4:53)
Manipulating Variables (5:15)
Client Side Authorization (4:26)
Mitigations (2:23)
Attacking the Client
Reflected XSS (18:00)
Stored XSS (10:30)
HTTP Header Injection (10:54)
Malicious URL Redirect (14:04)
Wrong Content Type (8:29)
Mitigations (4:09)
Attacking the Server
Malicious File Upload (14:23)
LFI & RFI (14:21)
OS Command Injection (13:35)
SQL Injection (17:51)
UNION Select Attack (12:51)
Blind SQL Injection (13:52)
Automating SQL Injection Attacks (12:04)
Mitigations (4:07)
The Rest
Reporting (5:38)
Assessment Checklist (4:33)
Assessment Checklist Download
What's next (7:30)
OS Command Injection