Preview Practical Web Application Testing

Back

Lab Setup

1-1 Lab Setup Overview Lecture ResourcesErrata

1-2 Lab Setup - Hyper-V Errata

1-3 Lab Setup - VirtualBox Lecture Resources Errata

1-4 Lab Setup - Kali Linux Lecture Resources

1-5 Lab Setup - Docker Lecture Resources Errata

Web Application Concepts

2-1 Servers and Clients

2-2 Lab - Nginx and Server Logs

2-3 HTTP

2-4 The Web Trinity

2-5 HTML Lecture Resources

2-6 CSS

2-7 JavaScript

2-8 Lab - Alert Button

2-9 ZAP Intro Errata

2-10 Lab - ZAP Enumeration

Server-Side Webapps

3-1 PHP Errata

3-2 Lab - PHP with Docker Errata

3-3 Server Side Security Considerations

3-4 Lab - Wordpress

3-5 Lab - DVWA Errata

The OWASP Top 10

4-1 OWASP Overview

4-2 Broken Access Control

4-3 Cryptographic Failures Lecture ResourcesErrata

4-4 Injection - XSS

4-5 Injection - SQLI Lecture Resources

4-6 Injection - Command Injection

4-7 Insecure Design

4-8 Security Misconfiguration

4-9 Vulnerable and Outdated Components

4-10 Identification and Authentication Failures

4-11 Software and Data Integrity Failures

4-12 Security Logging and Monitoring Failures

4-13 Server-Side Request Forgery

4-14 Extra Practice

Client-Side Webapps

5-1 Client-Side Webapp Intro

5-2 Lab - Juice Shop

5-3 Frontend Considerations

Webapp Pentesting Methodology

6-1 Preparation Lecture Resources

6-2 Scoping Lecture Resources

6-3 Enumeration Errata

6-4 Manual Testing

6-5 Automated Attacks

Juice Shop Pentest

7-1 Automatic Enumeration

7-2 Manual Enumeration

7-3 Discoveries Lecture Resources

7-4 Authentication

7-5 Purchasing Errata

7-6 Customer Support

7-7 Additional API Testing

7-8 Legacy Code

Reporting

8-1 Report Structure

8-2 Writing Tips

Final Thoughts

9-1EXH~1

9-2 Next Steps

Preview - Practical Web Application Testing