Hacking Web Applications (The Art of Hacking Series): Security Penetration Testing for Today’s DevOps and Cloud Environments

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 5h 26m | 1.88 GB

More than 5 hours of video instruction to help you perform ethical hacking, penetration testing, and security posture assessment through compromising, analyzing, and mitigating web application vulnerabilities.

Hacking Web Applications (The Art of Hacking Series) LiveLessons provides step-by-step, real-life scenarios for performing security assessments (penetration testing) through web application vulnerabilities.

This course shows you how to set up a penetration testing lab for web app pen testing where you will learn how to perform reconnaissance and profiling. After these initial steps, you will learn to exploit many vulnerabilities including authentication, session management, injection-based, cross-site scripting, cross-site request forgery, and cryptographic implementations. You will also learn how to assess and perform application programming interface (API) attacks, client-side attacks, and additional web application vulnerability attacks.

The primary objective of this course is not to perform malicious attacks, but rather to provide you with step-by-step guidance so you can learn ethical hacking, penetration testing, and security posture assessment as it pertains to web applications. Through the skills explored throughout the course lessons, you will learn the various concepts associated with many different leading-edge offensive security skills in the industry. The course is full of multimedia tutorials and hands-on demos that users can apply to real-world scenarios, and cyber security veteran Omar Santos provides critical information for anyone interested in pursuing an ethical hacking career or simply keeping abreast of evolving threats to keep the web applications on your own or your clients’ networks secure from vulnerabilities.

Learn How To

  • Assess everything you need to know to perform ethical hacking and penetration testing on web applications
  • Understand web application protocols, HTTP Request/Response, session management and cookies, DevOps, cloud services, web application frameworks, and Docker containers to better assess web application vulnerabilities
  • Build your own web application lab for penetration testing
  • Profile and perform passive and active reconnaissance on web applications through several techniques and applications
  • Exploit authentication and session management responsibilities
  • Exploit and mitigate injection-based command, SQL, and XML vulnerabilities
  • Exploit and mitigate Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities
  • Exploit and mitigate cryptographic vulnerabilities
  • Understand and test APIs to mitigate web application attacks
  • Understand and mitigate client-side, HTML5, and AJAX vulnerabilities
  • Examine additional avenues where you can exploit (and protect) web application vulnerabilities

Who Should Take This Course

  • Any network and security professional who is starting a career in ethical hacking and penetration testing
  • Individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+, and any other ethical hacking certification
  • Any cybersecurity professional who wants to learn the skills required to become a professional ethical hacker and wants to learn more about web application hacking methodologies and attacks

Table of Contents

01 Hacking Web Applications The Art of Hacking Series LiveLessons – Security Penetration Testing for Today’s DevOps and Cloud Environments – Introduction
02 Learning objectives
03 1.1 Understanding Ethical Hacking and Penetration Testing
04 1.2 Surveying Web Application Penetration Testing Methodologies
05 1.3 Understanding the Need for Web Application Penetration Testing
06 1.4 Exploring How Web Applications Have Evolved Over Time
07 1.5 Exploring What Programming Languages You Should Know
08 Learning objectives
09 2.1 Understanding the Web Application Protocols
10 2.2 Exploring the HTTP Request and Response
11 2.3 Surveying Session Management and Cookies
12 2.4 Introducing DevOps
13 2.5 Exploring Cloud Services
14 2.6 Exploring Web Application Frameworks
15 2.7 Surveying Docker Containers
16 2.8 Introducing Kubernetes
17 Learning objectives
18 3.1 Exploring Kali Linux
19 3.2 Introducing Vulnerable Applications
20 3.3 Surveying DVWA
21 3.4 Surveying WebGoat
22 3.5 Surveying Hackazon
23 3.6 Exploring the Web Security Dojo
24 3.7 Understanding Web Application Proxies
25 3.8 Understanding Cyber Ranges and Capture the Flag Events
26 Learning objectives
27 4.1 Understanding Passive vs. Active Reconnaissance
28 4.2 Using Search Engines and Public Information
29 4.3 Exploring Shodan, Maltego, Recon-NG, SpiderFoot, and TheHarvester
30 4.4 Exploring CMS and Framework Identification
31 4.5 Surveying Web Crawlers and Directory Brute Force
32 4.6 Understanding How Web Application Scanners Work
33 4.7 Introducing Nikto
34 4.8 Introducing the Burp Suite
35 4.9 Introducing OWASP Zed Application Proxy (ZAP)
36 4.10 Introducing OpenVAS
37 Learning objectives
38 5.1 Understanding Authentication Schemes in Web Applications and Related Vulnerabilities
39 5.2 Exploring Session Management Mechanisms and Related Vulnerabilities
40 Learning objectives
41 6.1 Understanding Command Injection
42 6.2 Exploiting Command Injection Vulnerabilities
43 6.3 Understanding SQL Injection
44 6.4 Exploiting SQL Injection Vulnerabilities
45 6.5 Understanding XML Injection
46 6.6 Exploiting XML Injection Vulnerabilities
47 6.7 Mitigating Injection Vulnerabilities
48 Learning objectives
49 7.1 Introducing XSS
50 7.2 Exploiting Reflected XSS Vulnerabilities
51 7.3 Exploiting Stored XSS Vulnerabilities
52 7.4 Exploiting DOM-based XSS Vulnerabilities
53 7.5 Understanding Cross-Site Request Forgery (CSRF)
54 7.6 Exploiting CSRF Vulnerabilities
55 7.7 Evading Web Application Security Controls
56 7.8 Mitigating XSS and CSRF Vulnerabilities
57 Learning objectives
58 8.1 Introducing Cryptography, Encryption, and Hashing Protocols
59 8.2 Identifying Common Flaws in Data Storage and Transmission
60 8.3 Surveying Examples of Crypto-based Attacks and Vulnerabilities
61 8.4 Mitigating Flaws in Cryptographic Implementations
62 Learning objectives
63 9.1 Understanding the APIs
64 9.2 Exploring the Tools Used to Test the APIs
65 Learning objectives
66 10.1 Surveying the Client-side Code and Storage
67 10.2 Understanding HTML5 Implementations
68 10.3 Understanding AJAX Implementations
69 10.4 Mitigating AJAX, HTML5, and Client-side Vulnerabilities
70 Learning objectives
71 11.1 Understanding the Other Common Security Flaws in Web Applications
72 11.2 Exploiting Insecure Direct Object References and Path Traversal
73 11.3 Surveying Information Disclosure Vulnerabilities
74 11.4 Fuzzing Web Applications
75 Summary