In this episode, we discuss the purpose, scope, and skills you'll learn in the Hands-on Web App Pentesting series.
You're watching IT Pro TV.
>> Greetings everyone and welcome to
the overview for our series here which is
the hands on web app pen testing series.
And it's really exciting, I'm looking
forward to getting into this material with
you good folks out there and getting you
schooled up with some methodologies and
tools and everything about and around
web application penetration testing.
Before we get into that,
let me tell you a little bit about myself.
My name is Daniel Lowrie,
I will be your host and
subject matter expert for this series.
I have over 20 years of experience in IT,
at this time,
I can't believe it's been that much
already, it's like time just flies.
And I've spent the last few years of
my career specializing in security
specifically in things
like penetration testing,
red teaming and vulnerability assessments.
So, it'll be a lot of fun for
us to get into these things because
this is a bit of a passion for myself.
Now, things are going to learn or let me
tell you a little bit about the course and
things you gonna learn in the course.
This course is designed for those of
you that have an interest in doing web
application specific penetration testing.
That you kinda wanna make that your
niche or maybe you've heard about
bug bounties and you want to get
a little bit of information about that.
This is going to help you
in both of those spheres,
more geared towards web application
penetration testing as a business per se.
As someone who is a professional in that
field than it is towards bug bounty,
there are some differences when
it comes to those two things,
even though there is also
a lot of similarities.
You will see some crossover in this, but
if you're interested in either of
those types of fields and industries,
then you should be able to
pick something up from here.
Now, what will you learn?
What are those cool little bobs and
bits that you're gonna pick up?
We're gonna pick up all sorts of stuff.
Hey, we're gonna start
off with the basics.
We're gonna figure out a little
bit about web applications,
web technologies because they
are pertinent to the conversation.
The more we know about that,
the better we're going to be.
So understanding basic web and
development toward web and
how these things are put together,
things like APIs,
that's gonna give us a leg up as we
move down the road for testing purposes.
And then that kinda takes us into
the tool set that we all need, right?
We need to be able to use the common
tools that will allow us to find
vulnerabilities, exploit vulnerabilities,
understand where vulnerabilities might be.
So we gonna go through a bevy of tools,
plenty of them out there: vulnerability
scanners, fuzzers, directory
busters, all sorts of great stuff.
It's gonna be a lot of fun and they're
very, very useful and pertinent too.
Yeah, you I think if you maybe you've
heard the term Burp Suite before, we'll
definitely be going down that road because
it is one of the most common tools for
the web app pen tester and
bug bounty hunter.
All right, then we will get into
the idea of reconnaissance and
how do we do that?
What does that look like?
And then finally finishing off with,
okay I've got tools I've got some
information, how do I attack this thing?
How do I actually start exploiting some
weaknesses that I think I've discovered?
And so there's gonna be plenty
of attacks to go down the road,
SQL injections, remote code execution,
remote command executions.
We gonna look into IDORs,
business logic problems,
plenty of attacks to be heard and
to learn about.
So it's gonna be a lot of fun, and
this is why I really what
makes me excited about this.
It is super fun, it's like a puzzle
to be solved to do this as work.
It is very technical work, but it's
interesting stuff at least it is for me,
I hope it is for you as well, and
that's why I look forward to teaching and
sharing my knowledge with
you good folks out there.
That said, if that seems like
something that's enticing to you,
well then I look forward to seeing
you in our upcoming series.
>> Thank you for watching IT Pro TV.