Practical Web Exploitation
Price: Free
Level: Introductory
Sections: 4
Videos: 13
Duration: 9+ hours
Description
This course covers basic exploitation concepts and vulnerabilities in the context of web applications. It designed for people with limited experience in the context of software security. Take this course if you want to build solid foundations over web exploitation. If instead you're already used to the field, this course might showcase a new way of thinking about a vulnerability you already know.
Participants will learn to identify and exploit common vulnerabilities such as SQL injection, Directory Traversal, Command injections, Cross-Site Scripting (XSS) and more. Participants will also learn the different techniques to enumerate common assets exposed by web applications. For every vulnerability and technique analyzed, different hands-on examples are showcased in order to build practical knowledge and intuition.
The course should be regarded as an introduction to web exploitation, as it does not cover the entire attack surface of web applications.
Learning Objectives
By the end of the course, participants will develop a deeper understanding over web application security.
Specifically, the following practical skills will be transfered:
- Use proxy tooling such as Burp Suite.
- Enumerate a web application.
- Perform security tests for basic web vulnerabilities.
- Exploit basic web vulneraiblities.
Requirements
As a starting point, we assume the following knowledge:
- Basic understanding of networking and protocols
- Basic understanding of an operating system (Linux, Windows, or MacOS)
- Basic knowledge of web technologies (HTTP, HTML, JavaScript)
Syllabus
- Section I - Introduction
- Introduction to Web Exploitation
- Getting Used to BurpSuite
- Section II - Basic Web Vulnerabilities
- SQL Injection
- Directory Traversal
- File Inclusion
- File Upload Vulnerabilities
- Command Injections
- Cross-Site Scripting
- Section III - Enumeration Techniques
- Enumeration of Files and Directories
- Enumeration of Virtual Hosts
- Enumeration of Parameters
- Section IV - Miscellaneous
- DNS Zone Transfer Attacks
- Brute Force Attacks