Platform: Udemy
Language: English
Category: Network & Security

Complete Ethical Hacking & Penetration Testing for Web Apps

Learn OWASP TOP 10 Vulnerability Categories and the Defenses and Fixes for them. Covering all the popular hacking types

4.05 (106 reviews)

Content: 4 hours

Last Update: Nov 2019


What you will learn

You will understand how the most popular vulnerabilities (OWASP TOP 10) are used to hack into a website, and the ways to prevent it.


Description

DISCLAIMER:

-----------------

ANY ACTIONS AND/OR ACTIVITIES RELATED TO THE MATERIAL CONTAINED WITHIN THIS COURSE ARE SOLELY YOUR RESPONSIBILITY. THE MISUSE OF THE INFORMATION IN THIS COURSE CAN RESULT IN CRIMINAL CHARGES BROUGHT AGAINST THE PERSONS IN QUESTION. THE INSTRUCTOR OR THE PLATFORM WILL NOT BE HELD RESPONSIBLE IN THE EVENT ANY CRIMINAL CHARGES ARE BROUGHT AGAINST ANY INDIVIDUALS MISUSING THE INFORMATION IN THIS COURSE TO BREAK THE LAW.

Hello and welcome to Web Based Ethical Hacking and Penetration Testing for Beginners. This course is an introduction to your career as a web security expert.


The internet is all around us. We have been using it for a long time, and as the internet arrived, cyber-security threats started to appear with it. You can hear stories of cyber-attacks day by day in newspapers and the media.


As the convenience and comfort of internet-based applications have grown, whether a web application or a mobile application that uses a cloud-based API, so have the chances of a cyber-attack. They have increased to such a level that we cannot even predict what will happen the next day, because hackers are always alert and vigilant, looking for a loophole to get into an application and steal your information.


As the saying goes, "A person who knows how to break a lock can make a good lock!" Because he knows the vulnerabilities and the loopholes, that person can build a good, secure application, or guide the developer to build an application that is almost secure and does not have the loopholes that have already been discovered.


So, as cyber-security professionals or enthusiasts, we will deal with the OWASP Top 10 vulnerabilities. OWASP, the Open Web Application Security Project, is a community-based project that periodically updates its list of vulnerabilities. Each category in the Top 10 list has a subset of other vulnerabilities that come under it. So we will cover almost 30 of the most popular kinds of vulnerabilities in this course, and these are the common vulnerabilities currently in the cyber world.


Once you get hold of these 30 vulnerabilities, you will have enough confidence to test a web application, a cloud-based or API-based application, or a mobile application that uses a cloud-based API. In every session I give you the mitigations, the defensive mechanisms that we can follow to avoid the vulnerability discussed in that particular session. So you will be able to suggest defensive measures to the programmer or developer who is developing the web application.


Please make sure you use these techniques only for penetration testing and ethical hacking, and do not use them for any illegal or unethical purpose.


Cyber-security and penetration testing is a very lucrative career. This course is intended for cyber-security beginners with an overview of basic web coding who are interested in coming into the cyber-security world, and also for existing testers who are willing to move into penetration testing. People who are interested in ethical hacking can also take this course.


In this course, we will concentrate mainly on how penetration testing can be done on web-based applications. It can also be applied to mobile applications, because most mobile applications communicate with a cloud-based API. The security of this API is actually the security of the mobile application that uses it. By the end of this course, we will provide you with a course completion certificate on demand, which you can include in your resume, and it will give very high value to your current profile.


I promise that you are going to have a really thrilling experience doing penetration testing and ethical hacking. So see you soon in the classroom.



Content

Quick Overview of the Course

Quick Overview of the Course

Lab Setup 1 : Install WAMP

Install WAMP, the Apache, PHP and MySQL stack for hosting the demo web server

Lab Setup 2: Install Mutillidae

Install Mutillidae II, a free, open source, deliberately vulnerable web-app

Lab Setup 3: Install Burp Suite

Install Burp Suite - An integrated platform for security testing of web Sites

Troubleshooting Burp : Cannot load HTTPS Websites

Troubleshooting Burp : Cannot load or Intercept HTTPS Websites

SQL Injection - Attack and Defenses

SQL Injection - Hacking Techniques and Defenses

OS Command Injection - Attack and Defenses

OS Command Injection - Hacking Techniques and Defenses

JSON Injection Attack using Reflected XSS Technique and Defense Measures

JSON Injection Attack using Reflected XSS Technique and Defense Measures

Cookie Manipulation Attack and Defenses

Cookie Manipulation Attack and Defense Tips

Username Enumeration Attack - Part 1 & 2

Username Enumeration Attack - Part 1

Username Enumeration Attack and Defense Tips - Part 2

Brute Force Attack Technique and Defenses

Brute Force Attack Technique and Defenses

Cross Site Scripting (Reflected XSS using HTML Context)

Cross Site Scripting (Reflected XSS using HTML Context)

Cross Site Scripting (Reflected XSS using JavaScript)

Cross Site Scripting (Reflected XSS using JavaScript)

Storage Cross Site Scripting Attack - XSS Defenses

Storage Cross Site Scripting Attack - XSS Defenses

Insecure Direct Object Reference - IDOR and Defense using File Tokens

Insecure Direct Object Reference - IDOR and Defense using File Tokens

Insecure Direct Object Reference - IDOR and Defense using URL Tokens

Insecure Direct Object Reference - IDOR and Defense using URL Tokens

Directory Browsing / Traversal Threat Demonstration

Directory Browsing / Traversal Threat Demonstration

XXE - XML External Entity Attack

XXE - XML External Entity Attack Demonstration

User Agent Manipulation or Spoofing Attack

User Agent Manipulation or Spoofing Attack

Security Misconfiguration Attack Defenses (DIR Browsing, XXE, User Agent)

Security Misconfiguration Attack Defenses (DIR Browsing, XXE, User Agent)

Sensitive Data Exposure Vulnerability (HTML/CSS/JS Comments)

Sensitive Data Exposure Vulnerability (via HTML/CSS/JS Comments)

Hidden / Secret URL Vulnerability and Defenses

Hidden / Secret URL Vulnerability and Defenses

HTML 5 Web Storage Vulnerability and Defenses

HTML 5 Web Storage Vulnerability and Defenses

Role Based Access Vulnerability and Defense

Role Based Access Vulnerability and Defense

CSRF - Cross Site Request Forgery Attack

CSRF - Cross Site Request Forgery Attack - Part 1

CSRF - Cross Site Request Forgery Attack & Defenses - Part 2

Entropy Analysis for CSRF Token

Entropy Analysis for CSRF Token

CVSS - Common Vulnerability Scoring System

CVSS - Common Vulnerability Scoring System

Unvalidated URL Redirect Attack and Prevention code sample

Unvalidated URL Redirect Attack and Prevention code sample


Reviews

Allen, 17 April 2020

More simplified. But concepts are well explained up to the level. Really helpful for newbie pentesters.

Garima, 19 February 2020

Prompt replies to doubts and questions. I like this course as it gave the kick start needed to understand Burp Suite. Thanks Abhilash.

Konrad, 20 September 2019

Section 7 is not fully completed. Good opportunity to learn Burp Suite. Section 21, with the hidden/secret URL vulnerability, looks like it can be used just by sending a proper GET method from the website. The last example is the same as in one of the previous sections.

Bikash, 21 September 2018

It was a really good experience for me as my first online course and I really love the teaching method.

Quý, 19 September 2018

The content of OWASP testing is really good for those who want to work on web application development.

Kenni, 16 September 2018

Course content is very light. Claims to be for beginners but the instructor doesn't take time to explain what he's doing and the reason behind it. A bit hard to understand as well.

Elias, 13 August 2018

"Learn OWASP TOP 10 Vulnerability Categories and the Defenses and Fixes for them. Covering all the popular hacking types." - This is an intro to web security.

Akash, 2 August 2018

Very useful course, and the trainer Mr. Abhilash Nelson is a very knowledgeable person who teaches in a very sophisticated way and can be understood easily.

Hossain, 2 August 2018

Excellent learning experience! The instructor explained everything very clearly & his English also doesn't have any issue (clear & understandable). I just watched a few videos and am 100% satisfied with his explanation in every video. Wish he will make another great course for us. Keep it up, you have the skill to be a popular instructor soon. Waiting for another great course from you.

Wasiq, 1 August 2018

Great course. Continue to upload these types of courses and introduce new tools and techniques related to hacking and pen-testing; other OWASP tools should be introduced in these courses.


Udemy ID: 1826160
Course created date: 7/29/2018
Course Indexed date: 11/20/2019
Course Submitted by: Bot