Intense Introduction to Hacking Web Applications

This course starts with an introduction to modern web applications and then immediately dives into the mapping and discovery phase of testing. In this course, you will learn security penetration testing methodologies and concepts by going over step-by-step examples in real time.

This hands-on training course will use various open source tools. You will learn how to exploit SQL injection, command injection, cross-site scripting (XSS), XML External Entity (XXE), and cross-site request forgery (CSRF). You will also learn how to perform assessments of modern APIs used for mobile and IoT applications. This course includes interactive labs where students can interact with a series of vulnerable web applications in a safe environment. Learn how to craft the exploits used by ethical hackers to perform real-world penetration testing attacks and vulnerabilities.

What you’ll learn and how you can apply it

• Learn through step-by-step interactive demonstrations
• Perform real-world pen testing

This live event is for you because.

• You have an understanding of cybersecurity fundamentals.
• You are interested in cybersecurity and penetration testing (ethical hacking)
• You want to learn different methodologies and best practices to perform security penetration testing assessments.

Prerequisites

Course participants should have a basic understanding of cybersecurity and networking, plus core familiarity with Microsoft Windows and Linux operating systems. The following books and video courses provides a good overview of cybersecurity fundamentals that are pre-requisites for this course:

• CCNA Cyber Ops SECFND 210-250 Official Cert Guide, First Edition (book)
• CCNA Cyber Ops SECFND 210-250 (video)

Course Set-up:

• This is a hands-on course. Please go to the accompanying site for this Live Training course to download and install the required virtual machine (VM): https://webapps.h4cker.org

Recommended Preparation:

• Security Penetration Testing The Art of Hacking Series LiveLessons (video)

Recommended Follow-up:

• (Learning Path) From Zero to Ethical Hacker- 10 Weeks to Becoming an Ethical Hacker and Bug Hunter: https://learning.oreilly.com/learning-paths/from-zero-to/8204091500000000008/
• The Art of Hacking (Video Collection)
• Security Penetration Testing The Art of Hacking Series LiveLessons (video)
• Wireless Networks, IoT, and Mobile Devices Hacking (The Art of Hacking Series) (video)
• Enterprise Penetration Testing and Continuous Monitoring The Art of Hacking (video)
• Ethical Hacking Scenarios https://learning.oreilly.com/playlists/d59bb99e-5da8-4771-b4d0-3077ce353507/

Schedule

The time frames are only estimates and may vary according to how the class is progressing.

Section 1: Introduction to Web Application Penetration Testing Methodologies (20 minutes)

• An introduction to ethical hacking and penetration testing methodologies
• Reviewing the OWASP Testing Methodologies

Section 2: Building Your Own Web Application Lab (20 minutes)

• Building your own lab
• Installing WebSploit
• Reviewing the Installation and Tools
• Reviewing additional tools and web application hacking environments

Section 3: Reconnaissance and Profiling Web Applications (20 minutes)

• Conducting information gathering using appropriate techniques
• Vulnerability Scanning
• Analyzing vulnerability scan results
• The process of leveraging information to prepare for exploitation
• Weaknesses related to specialized systems

Section 4: Authentication and Session Management Vulnerabilities (20 minutes)

• Introducing authentication methods
• Exploiting authentication-based vulnerabilities
• Exploiting session management vulnerabilities

Lab Exercises and Break: 60 minutes

Section 5: Exploiting Cross-site Scripting (XSS) and Understanding Cross-site Request forgery (CSRF/XSRF) Vulnerabilities (20 minutes)

Reflected XSS Stored XSS DOM-based XSS Understanding Cross-site Request forgery (CSRF/XSRF)

Break 5 minutes

Section 6: Exploiting SQL Injection (25 minutes)

• Overview of SQL Injection
• Exploiting SQL Injection Vulnerabilities

Section 7: Exploiting XML External Entity (XXE) Vulnerabilities (30 minutes)

• Understanding XXE
• Exploiting XXE vulnerabilities

Section 6: Hacking APIs, Fuzzing, and Q&A (20 minutes)

• Overview of APIs
• Hacking APIs
• Fuzzing
• Q&A

Your Instructor

Omar Santos

Omar Santos is an active member of the cybersecurity community leading several industry-wide initiatives and standards. He is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products and cloud services. Omar has been working with information technology and cybersecurity since the mid-1990s. Omar has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the US government. Prior to his current role, he was a Technical Leader within the World-Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers all organizations. Omar is the author of several books and video courses.

Download the O'Reilly App

Take O'Reilly with you and learn anywhere, anytime on your phone and tablet.

Watch on your big screen

View all O'Reilly videos, Superstream events, and Meet the Expert sessions on your home TV.

Do not sell my personal information

© 2024 , O'Reilly Media, Inc. All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.