Web Security

Video Description

Get a complete understanding of ethical hacking and become proficient at hacking any system and securing it like a true professional.

About This Video

  • Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
  • Defend against SQL injection attacks that seek to control a web application's database server
  • Session hijacking, fixation, and password encryption to protect your confidential data

In Detail

Web application security is the branch of Information Security that deals specifically with the security of websites, web applications, and web services. At a high level, web application security draws on the principles of application security but applies them specifically to internet and web systems.

The course starts with the basics of web applications by defining the web application test scope and processes. You will learn about information gathering techniques to find information about web applications in the initial phase. Then you will learn the most important attacks on web applications, such as SQL injection, command injection, XSS attacks, CSRF attacks, DoS attacks, buffer overflow attacks, and more. Finally, the course will also cover techniques to defend web applications from various types of attack.

By the end of this video tutorial, you will be fully equipped to test web infrastructures against various real-time attack vectors and will also be able to defend web applications from known and unknown attacks.

Table of Contents

  1. Chapter 1 : Introduction about Web Application Security
    1. The Course Overview 00:02:02
    2. Overview of the Web Application Security from a Penetration Tester's Perspective 00:02:36
    3. Discussion of the Different Types of Vulnerabilities in Web Applications (OWASP) 00:03:52
    4. Defining a Web Application Test Scope and Process 00:02:52
    5. Installation of Virtual Machines in System 00:11:44
  2. Chapter 2 : Information Gathering
    1. Discovering the Infrastructure of Web Applications 00:05:41
    2. Identifying the Machines and Operating Systems 00:05:41
    3. Find Open Ports and Services of Web Applications 00:06:40
    4. Tools to Spider a Website 00:06:41
  3. Chapter 3 : Various Injection Attacks
    1. SQL Injection and Various Injection Vulnerabilities 00:03:39
    2. Effect of SQL Injection on Web Application 00:08:43
    3. SQL Injection Cheat Sheet 00:06:14
    4. Prevention Techniques from SQL Injection 00:04:26
  4. Chapter 4 : JavaScript and XSS Attack
    1. XSS and JavaScript Attack 00:03:05
    2. Effect of XSS on Web Application 00:05:57
    3. Cheat Sheet of XSS Attack 00:06:58
    4. Defend Against XSS Attack 00:04:52
  5. Chapter 5 : CSRF and Logic Flaws
    1. Overview of Cross-Site Request Forgery Attack (CSRF) 00:02:52
    2. Effect of CSRF on Web Applications 00:06:01
    3. Cheat Sheet of CSRF Attack 00:07:15
    4. Defend Against CSRF Attack 00:04:20
  6. Chapter 6 : Avoiding/Detecting Other Vulnerabilities
    1. Buffer Overflow Vulnerability Detection 00:06:29
    2. Denial-of-Service (DOS Attack) Vulnerability Detection 00:08:21
    3. Password Brute Forcing Attacks Detection Methods 00:09:56
    4. File Uploads and Transfers Vulnerability Detection 00:10:08