Practical Web Applicaton Penetration Testing

Level:
Beginner to Intermediate

Sections:
13

Videos:
95

Duration:
17 hours

Instructor:
Leonardo Tamiano

Language:
English

Description

This course has been developed with a clear objective: show in practice what it means to perform a Web Application Penetration Test (WAPT), exactly as it would happen with a real client in a typical week of work. This approach will allow you to quickly reach the experience level of a junior penetration tester.

Consider these questions:

Are you interested in working in the security industry?
Do you want to learn how to test the security of a Web Application?
Do you like hands-on, practice-based learning?

If you answered yes to these questions, this course is for you.

In this course, we will show how to test the security of Secure Bank, a home banking application designed as a training ground for penetration testers and web developers. During the test we will find 40+ security issues belonging to the following categories:

Information Disclosure
Injection Vulnerabilities
Authentication
Authorization
Session Management
Business Logic Vulnerabilities
Data Validation Vulnerabilities
Cryptography
Insecure Configuration

During the course we will use the community edition Burp Suite to find and exploit the different vulnerabilities. This means we will work with different Burp Suite functionalities and we will read and modify lots of HTTP message.

For each security issue we will show how to find the vulnerable behavior, how to exploit it and finally how to explain it using written Proof of Concepts (PoCs) to the final client.

At the end of the course you will see 40 different PoCs for 40 different security issues.

This will give you a strong intuition on WAPT testing, a key ability to get started in the security industry or simply to refine and structure your abilities.

Learning Objectives

By the end of the course, participants will develop a strong understanding over how to perform a WAPT activity.
Specifically, the following practical skills will be transfered:

Software Security Fundamentals
How to approach the security testing of a web application
How to document security issues through Proof of Concepts (PoC)
How to reason about risk and threats associated to security issues
How to use Burp Suite to perform a web penetration test

Requirements

As a starting point, we assume the following knowledge:

Basic linux knowledge
Basic HTTP knowledge

Syllabus

Section 1 - Introduction to the Course
- whoami
- Learning objectives
- Required knowledge
- Course contents
Section 2 - Software Security
- Section Overview
- Security Properties (CIA)
- Software Vulnerabilities
- Example - SQL Injection
- Example - IDOR
- Example - Stored XSS
- Software Risks
- Software Vulnerabilities vs Software Risks
- Example - User Enumeration
- How to Measure Security
- Web Application Penetration Test (WAPT)
- Secure Code Review (SCR)
- Other Testing Activities
- The CVE system
- The CVSS system
- CVE-2022-22965
- OWASP
- Security in the SDLC
Section 3 - Starting the WAPT activity
- Introducing Secure Bank
- Deploying Secure Bank
- Secure Bank Troubleshooting
- Start of the WAPT Activity
- HTTP Testing Setup
- On the HTTP Protocol
- Service scan with nmap
- Burp Suite Installation
- Burp Suite Usage
- Burp Suite Extensions
- Extra: mitmproxy
- Extra: Connect browser to proxy
- Testing Coverage
- Categories of Vulnerabilities
Section 4 - Information Disclosure
- Introduction to Information Disclosure
- Files and Directories Enumeration
- Issue #1 - Swagger API Exposed
- Issue #2 - Directory Listing
- Issue #3 - Exposed Stack Trace
- Issue #4 - Unmanaged Errors
- Issue #5 - Exposure of Sensitive Functionality
- Issue #6 - PDF Metadata Disclosure
- Issue #7 - Server Banners
Section 5 - Injection Vulnerabilities
- Introduction to Injection Vulnerabilities
- Issue #1 - SQL Injection
- SQL Injection Exploitation with sqlmap
- Extra: SQL Injection Code Review
- Issue #2 - Stored XSS
- Issue #3 - Reflected XSS
- Issue #4 - Path Traversal
- Issue #5 - XML eXternal Entity (XXE)
- Issue #6 - Server-Side Request Forgery (SSRF)
- Issue #7 - Command Injection
- Conclusion
Section 6 - Authentication
- Introduction to Authentication
- Issue #1 - Authentication Bypass
- Issue #2 - User Enumeration
- Issue #3 - Insecure Password Update
- Issue #4 - Weak Password Policy
- Issue #5 - Lack of MFA
- Conclusion
Section 7 - Authorization
- Introduction to Authorization
- Issue #1 - IDOR part 1
- Issue #1 - IDOR part 2
- Issue #2 - Horizontal Privilege Escalation
- Issue #3 - Vertical Privilege Escalation part 1
- Issue #3 - Vertical Privilege Escalation part 2
- Conclusion
Section 8 - Session Management
- Introduction to Session Management
- Issue #1 - Insecure Session Cookie
- Issue #2 - Lack of Security Attributes in Session Cookie
- Issue #3 - Improper Logout
- Issue #4 - CSRF in Password Update
- Testing for Session Fixation
- Conclusion
Section 9 - Business Logic Vulnerabilities
- Introduction to Business Logic
- Issue #1 - Infinite Money
- Issue #2 - Race Condition in Store
Section 10 - Validation Vulnerabilities
- Introduction to Validation
- Issue #1 - Malicious File Upload
- Issue #2 - Arbitrary File Upload
- Issue #3 - Arbitrary File Write Location
- Issue #4 - Open Redirect
- Issue #5 - ReDoS
- Issue #6 - Insecure Deserialization
Section 11 - Cryptography
- Introduction to Cryptography
- Issue #1 - Insecure Communication Channel
- Issue #2 - Insecure Password Storage
- Issue #3 - Hard-coded credentials
- Issue #4 - Insecure Randomness
Section 12 - Insecure Configuration
- Introduction to Insecure Configuration
- Issue #1 - Source Code in Docker Container
- Issue #2 - Lack of Content-Security Policy (CSP)
Section 13 - Conclusion
- Report Overview
- Next Steps

Buy Now!