
Hands-On Web App Pentesting

Web Application Penetration Testing Skills (9 H 55 M)

Episodes
  • Web Basics
    • Overview
    • URLs
    • HTTP Methods
    • Web App Infrastructure
    • Web APIs
    • Content Management Systems
    • Databases
  • Common Tools
    • Web Browser
    • Burp Suite
    • OWASP ZAP
    • Sublist3r
    • Nikto
    • Feroxbuster
    • Cewl
    • WPScan
    • SQLMap
    • FFuF
  • Information Gathering and Recon
    • Manual Inspection
    • Vulnerability Scanning
    • Directory Fuzzing
  • Attacks
    • Reflected XSS
    • Persistent XSS
    • DOM-Based XSS
    • Error-Based SQLi
    • Blind-Based SQLi
    • Session Hijacking
    • Command Injection
    • File Inclusion
    • CSRF
    • SSRF
    • JWT Attack
    • IDOR
    • Security Misconfigurations

Overview

4 M


In this episode, we discuss the purpose, scope, and skills you'll learn in the Hands-on Web App Pentesting series.

You're watching IT Pro TV. [MUSIC] >> Greetings everyone and welcome to the overview for our series here, which is the hands-on web app pen testing series. And it's really exciting, I'm looking forward to getting into this material with you good folks out there and getting you schooled up with some methodologies and tools and everything about and around web application penetration testing. Before we get into that, let me tell you a little bit about myself. My name is Daniel Lowrie, I will be your host and subject matter expert for this series. I have over 20 years of experience in IT, at this time, I can't believe it's been that much already, it's like time just flies. And I've spent the last few years of my career specializing in security, specifically in things like penetration testing, red teaming and vulnerability assessments. So, it'll be a lot of fun for us to get into these things because this is a bit of a passion for myself. Now, things are going to learn or let me tell you a little bit about the course and things you gonna learn in the course. This course is designed for those of you that have an interest in doing web application specific penetration testing. That you kinda wanna make that your niche or maybe you've heard about bug bounties and you want to get a little bit of information about that. This is going to help you in both of those spheres, more geared towards web application penetration testing as a business per se. As someone who is a professional in that field than it is towards bug bounty, there are some differences when it comes to those two things, even though there are also a lot of similarities. You will see some crossover in this, but if you're interested in either of those types of fields and industries, then you should be able to pick something up from here. Now, what will you learn? What are those cool little bobs and bits that you're gonna pick up? We're gonna pick up all sorts of stuff. Hey, we're gonna start off with the basics.
We're gonna figure out a little bit about web applications, web technologies because they are pertinent to the conversation. The more we know about that, the better we're going to be. So understanding basic web and development toward web and how these things are put together, things like APIs, that's gonna give us a leg up as we move down the road for testing purposes. And then that kinda takes us into the tool set that we all need, right? We need to be able to use the common tools that will allow us to find vulnerabilities, exploit vulnerabilities, understand where vulnerabilities might be. So we gonna go through a bevy of tools, plenty of them out there: vulnerability scanners, fuzzers, directory busters, all sorts of great stuff. It's gonna be a lot of fun and they're very, very useful and pertinent too. Yeah, you I think if you maybe you've heard the term Burp Suite before, we'll definitely be going down that road because it is one of the most common tools for the web app pen tester and bug bounty hunter. All right, then we will get into the idea of reconnaissance and information gathering. How do we do that? What does that look like? And then finally finishing off with, okay, I've got tools, I've got some information, how do I attack this thing? How do I actually start exploiting some weaknesses that I think I've discovered? And so there's gonna be plenty of attacks to go down the road, SQL injections, remote code execution, remote command executions. We gonna look into IDORs, business logic problems, plenty of attacks to be heard and to learn about. So it's gonna be a lot of fun, and this is why I really what makes me excited about this. It is super fun, it's like a puzzle to be solved to do this as work. It is very technical work, but it's interesting stuff, at least it is for me, I hope it is for you as well, and that's why I look forward to teaching and sharing my knowledge with you good folks out there.
That said, if that seems like something that's enticing to you, well then I look forward to seeing you in our upcoming series. >> Thank you for watching IT Pro TV.
