Web Application Hacking & Penetration Testing

Learn how to hack web applications and exploit OWASP top 10 security vulnerabilities.

Rating: 4.20 (183 reviews)
Platform: Udemy
Language: English
Category: Network & Security
Students: 11,454
Content: 2 hours
Last update: May 2021
Regular price: $19.99

What you will learn

Learn web application security vulnerabilities

Exploit Injection - SQL Injection, Command injection

Broken Authentication and Session Management

Sensitive Data Exposure

XML External Entities (XXE) attack

Broken Access Control/Insecure Direct Object References

Security Misconfiguration

Cross-Site Scripting (XSS) - Persistent XSS, Reflected XSS, Cross Site Request Forgery (CSRF)

Insecure Deserialization

Using Components with Known Vulnerabilities

Insufficient Logging and Monitoring

Bonus Section - Unvalidated Redirects and Forwards

Description

If you are looking for a course that provides good coverage of the important top 10 security vulnerabilities in web applications in a short and concise way, then you have come to the right place! This course is relevant whether you are looking at applications that are deployed in the cloud or on physical servers and VMs, since web application vulnerabilities don't magically disappear just because the application is deployed in the cloud.

This course is focused on practical learning and applying your knowledge. To achieve that, the course includes a tutorial on how to install the XAMPP server and vulnerable applications on your machine, so that you can practice what you are learning rather than just watch the tutorials.

There are many courses that mainly focus on how to exploit the vulnerabilities of physical servers, but with the cloud now being the preferred way to deploy applications, and with the advances made in securing physical servers, learning those techniques may not prove to be very advantageous.

This course covers the following OWASP Top 10 web application security risks:

1. Injection - SQL Injection, Command Injection

2. Broken Authentication

3. Sensitive Data Exposure

4. XML External Entities (XXE)

5. Broken Access Control

6. Security Misconfiguration

7. Cross-Site Scripting (XSS)

8. Insecure Deserialization

9. Using Components with Known Vulnerabilities

10. Insufficient Logging and Monitoring

This course is for educational purposes only.

Content

Introduction

Introduction

Installation

Install XAMPP
Install DVWA and Mutillidae
Install Burp Suite and Capture traffic

Information Gathering

Website information and technologies used
Web application subdomains
Finding other web applications installed on server

Injection vulnerability

Injection, Real breaches
SQL injection - Get database, tables and users credentials
SQL injection - ByPass checks on login page at low and medium secure levels
Command injection vulnerability

Broken Authentication vulnerability

Broken Authentication and Real Breaches
Logging as Admin by manipulating cookies
Username Harvesting

Sensitive Data Exposure

Sensitive Data Exposure - Real Breaches
Paths Exposed by Robots file and Accounts Exposed
Sensitive Information Disclosure

XML External Entities (XXE) vulnerability

XML External Entities (XXE) Flaw and Real Breaches
XXE Vulnerability Demonstration

Broken Access Control Vulnerability

Broken Access Control and Real Breaches
Insecure Direct Object Reference (IDOR)
Local File Inclusion Flaw
Remote File Inclusion Flaw

Security Misconfiguration

Security Misconfiguration - Real Breaches
Directory Browsing Issue
Unrestricted File Upload Issue

Cross-Site Scripting (XSS) & Cross Site Request Forgery (CSRF)

XSS Flaw and Real Breaches
Persistent and Reflected XSS Demonstration
Cross Site Request Forgery (CSRF) Demonstration

Insecure Deserialization

Insecure Deserialization Vulnerability

Using Components with Known Vulnerabilities

Using Components with Known Vulnerabilities

Insufficient Logging & Monitoring

Insufficient Logging & Monitoring

Bonus Section

Unvalidated Redirects and Forwards

Reviews

Rushikesh
April 30, 2023
The course is completely designed for beginners who want to scratch the surface level of the OWASP Top 10. It would be great if more hands-on labs were included.
Sami
March 7, 2023
He got the things already installed. There is a bunch of issues I had to solve on my own. If he is showing how to install something, he should really install it. Was it too much work to set up a VM and install the things from scratch like any viewer? Then it would not have happened that he forgets to mention half of the settings that have to be done in order to run DVWA and Mutillidae. I do not know how it goes on, but until now I depended on YouTube videos to get them running, so there was no sense at all in watching the course until now. On YouTube, by the way, nobody showed how to install something that was already installed. It's really weird so far.
Seelam
June 13, 2022
Firstly, it's a two-hour course. Don't expect detailed explanation, and the mentor covers a lot of things in this two-hour course; we can get a little bit of an idea from it. From there we need to do some self work on each and every topic.
John
June 3, 2021
Super generic information provided which is available from wiki. Not enough details and explanations. Less practice.

Udemy ID: 3724954
Course created date: 12/24/2020
Course indexed date: 2/12/2021
Course submitted by: Bot