Pentester Academy – Web Application Pentesting

 Pentester Academy   Web Application Pentesting

.MP4, AVC, 1334 kbps, 1280×720 | English, AAC, 224 kbps, 2 Ch | 8.5 hours | 6.23 GB Instructor: Vivek Ramachandran

A non-exhaustive and continuously evolving list of topics to be covered include: HTTP/HTTPS protocol basics Understanding Web Application Architectures Lab setup and tools of the trade Converting your browser into an attack platform Traffic Interception and Modification using Proxies Cross Site Scripting Types Reflected Persistent DOM based Filtering XSS Evading XSS filters Cookie stealing and session hijacking Self-XSS BeeF SQL Injection Error based Blind Second order injections Broken authentication and session management session id analysis custom authentication Security misconfigurations Web and database server Application framework Insecure direct object reference Cross-site Request Forgery GET and POST based JSON based in RESTful Service Token Hijacking via XSS Multi-Step CSRF Insecure cryptographic storage Clickjacking File upload vulnerabilities Bypassing extension, content-type etc. checks RFI and LFI Web to Shell Web Shells PHP meterpreter Analyzing Web 2.0 applications AJAX RIAs using Flash, Flex Attacking Caching servers Memcached Redis Non Relational Database Attacks Appengine Datastore MongoDB, CouchDB etc. HTML5 Attack Vectors Tag abuse and use in XSS Websockets Client side injection Clickjacking Web Application firewalls Fingerprinting Detection Techniques Evading WAFs more additions will be made as course evolves