Intense Introduction to Hacking Web Applications
Published by Pearson
This course starts with an introduction to modern web applications and then immediately dives into the mapping and discovery phase of testing. In this course, you will learn security penetration testing methodologies and concepts by going over step-by-step examples in real time.
This hands-on training course will use various open source tools. You will learn how to exploit SQL injection, command injection, cross-site scripting (XSS), XML External Entity (XXE), and cross-site request forgery (CSRF). You will also learn how to perform assessments of modern APIs used for mobile and IoT applications. This course includes interactive labs where students can interact with a series of vulnerable web applications in a safe environment. Learn how to craft the exploits used by ethical hackers in real-world penetration testing attacks and how to find the vulnerabilities they target.
What you’ll learn and how you can apply it
- Learn through step-by-step interactive demonstrations
- Perform real-world pen testing
This live event is for you because...
- You have an understanding of cybersecurity fundamentals.
- You are interested in cybersecurity and penetration testing (ethical hacking).
- You want to learn different methodologies and best practices to perform security penetration testing assessments.
Prerequisites
Course participants should have a basic understanding of cybersecurity and networking, plus core familiarity with Microsoft Windows and Linux operating systems. The following book and video course provide a good overview of the cybersecurity fundamentals that are prerequisites for this course:
- CCNA Cyber Ops SECFND 210-250 Official Cert Guide, First Edition (book)
- CCNA Cyber Ops SECFND 210-250 (video)
Course Set-up:
- This is a hands-on course. Please go to the accompanying site for this Live Training course to download and install the required virtual machine (VM): https://webapps.h4cker.org
Recommended Preparation:
Recommended Follow-up:
- (Learning Path) From Zero to Ethical Hacker- 10 Weeks to Becoming an Ethical Hacker and Bug Hunter: https://learning.oreilly.com/learning-paths/from-zero-to/8204091500000000008/
- The Art of Hacking (Video Collection)
- Security Penetration Testing The Art of Hacking Series LiveLessons (video)
- Wireless Networks, IoT, and Mobile Devices Hacking (The Art of Hacking Series) (video)
- Enterprise Penetration Testing and Continuous Monitoring The Art of Hacking (video)
- Ethical Hacking Scenarios https://learning.oreilly.com/playlists/d59bb99e-5da8-4771-b4d0-3077ce353507/
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Section 1: Introduction to Web Application Penetration Testing Methodologies (20 minutes)
- An introduction to ethical hacking and penetration testing methodologies
- Reviewing the OWASP Testing Methodologies
Section 2: Building Your Own Web Application Lab (20 minutes)
- Building your own lab
- Installing WebSploit
- Reviewing the Installation and Tools
- Reviewing additional tools and web application hacking environments
Section 3: Reconnaissance and Profiling Web Applications (20 minutes)
- Conducting information gathering using appropriate techniques
- Vulnerability Scanning
- Analyzing vulnerability scan results
- The process of leveraging information to prepare for exploitation
- Weaknesses related to specialized systems
Section 4: Authentication and Session Management Vulnerabilities (20 minutes)
- Introducing authentication methods
- Exploiting authentication-based vulnerabilities
- Exploiting session management vulnerabilities
Lab Exercises and Break: 60 minutes
Section 5: Exploiting Cross-site Scripting (XSS) and Understanding Cross-site Request forgery (CSRF/XSRF) Vulnerabilities (20 minutes)
- Reflected XSS
- Stored XSS
- DOM-based XSS
- Understanding Cross-site Request forgery (CSRF/XSRF)
Break 5 minutes
Section 6: Exploiting SQL Injection (25 minutes)
- Overview of SQL Injection
- Exploiting SQL Injection Vulnerabilities
Section 7: Exploiting XML External Entity (XXE) Vulnerabilities (30 minutes)
- Understanding XXE
- Exploiting XXE vulnerabilities
Section 8: Hacking APIs, Fuzzing, and Q&A (20 minutes)
- Overview of APIs
- Hacking APIs
- Fuzzing
- Q&A
Your Instructor
Omar Santos
Omar Santos is a Distinguished Engineer at Cisco focusing on advanced AI security research, cybersecurity, incident response, and vulnerability disclosure. He is the co-chair of the Coalition for Secure AI (CoSAI) alongside leading AI companies such as OpenAI, Google, Anthropic, and NVIDIA. Omar has served on the board of the OASIS Open standards organization and is also the chair of the OpenEoX and the Common Security Advisory Framework (CSAF) technical committees. His work led to the creation of the CSAF ISO standard. Omar's collaborative efforts extend to numerous organizations, including OWASP and FIRST, and he was the lead of the DEF CON Red Team Village for several years. Omar is the author of over 25 books, 21 video courses, and over 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. Omar's work in cybersecurity is also recognized through multiple granted patents. Prior to Cisco, Omar served in the United States Marines focusing on the deployment, testing, and maintenance of Command, Control, Communications, Computer, and Intelligence (C4I) systems.