Páginas

jueves, 5 de diciembre de 2019

Web Application Penetration Testing Course URLs


Web Application Penetration Testing Course URLs

by Daniel Durnea https://www.facebook.com/Ro0tX

Phase 1 – History

      1.   History of Internet - https://www.youtube.com/watch?v=9hIQjrMHTv4 

Phase 2 – Web and Server Technology
1.     Basic concepts of web applications, how they work and the HTTP protocol - https://www.youtube.com/watch?v=RsQ1tFLwldY&t=7s
2.     HTML basics part 1 - https://www.youtube.com/watch?v=p6fRBGI_BY    
3.     HTML basics part 2 - https://www.youtube.com/watch?v=Zs6lzuBVK2w  
4.     Difference between static and dynamic website - https://www.youtube.com/watch?v=hlg6q6OFox         Q 
5.     HTTP protocol Understanding - https://www.youtube.com/watch?v=JFZMyhRTVt0 
6.     Parts of HTTP Request -https://www.youtube.com/watch?v=pHFWGN-upGM
7.     Parts of HTTP Response - https://www.youtube.com/watch?v=c9sMNc2PrMU 
8.     Various HTTP Methods - https://www.youtube.com/watch?v=PO7D20HsFsY 
9.     Understanding URLS - https://www.youtube.com/watch?v=5Jr-_Za5yQM 
10.  Intro to REST - https://www.youtube.com/watch?v=YCcAE2SCQ6k 
11.  HTTP Request & Response Headers - https://www.youtube.com/watch?v=vAuZwirKjW   s  
12.  What is a cookie - https://www.youtube.com/watch?v=I01XMRo2ESg 
13.  HTTP Status codes - https://www.youtube.com/watch?v=VLH3FMQ5BIQ 
15.  Authentication with HTTP - https://www.youtube.com/watch?v=GxiFXUFKo1     
16.  HTTP basic and digest authentication - https://www.youtube.com/watch?v=GOnhCbDhMzk  
17.  What is “Server-Side” - https://www.youtube.com/watch?v=JnCLmLO9LhA
18.  Server and client side with example - https://www.youtube.com/watch?v=DcBB2Fp8WN            I  
20.  Introduction to UTF-8 and Unicode - https://www.youtube.com/watch?v=sqPTR_v4qFA  
22.  HTML encoding - https://www.youtube.com/watch?v=IiAfCLWpgII&t=109          
23.  Base64 encoding - https://www.youtube.com/watch?v=8qkxeZmKmOY 
24.  Hex encoding & ASCII - https://www.youtube.com/watch?v=WW2SaCMnHdU 


Phase 3 – Setting up the lab with BurpSuite and bWAPP

MANISH AGRAWAL  
1.     Setup lab with bWAPP - https://www.youtube.com/watch?v=dwtUn3giwTk&index=1&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV


Phase 4 – Mapping the application and attack surface
2.     Mapping application using robots.txt - https://www.youtube.com/watch?v=akuzgZ75zr  k  
3.     Discover hidden contents using dirbuster - https://www.youtube.com/watch?v=--nu9Jq07gA
4.     Dirbuster in detail - https://www.youtube.com/watch?v=2tOQC68hAcQ
5.     Discover hidden directories and files with intruder - https://www.youtube.com/watch?v=4Fz9mJeMNk   I  
6.     Identify application entry points - https://www.youtube.com/watch?v=IgJWPZ2OKO8&t=34s
8.     Identify client and server technology - https://www.youtube.com/watch?v=B8jN_iWjtyM
9.     Identify server technology using banner grabbing (telnet) - https://www.youtube.com/watch?v=O67M-U2UOAg  10. Identify server technology using httprecon - https://www.youtube.com/watch?v=xBBHtS-dwsM

Phase 5 – Understanding and exploiting OWASP top 10 vulnerabilities

      1.   A closer look at all owasp top 10 vulnerabilities - https://www.youtube.com/watch?v=avFR_Af0KGk

IBM
7.     Missing functional level access controls  - https://www.youtube.com/watch?v=VMv_gyCNGpk&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=7
9.     Using components with known vulnerabilities   - https://www.youtube.com/watch?v=bhJmVBJ-F-4&index=9&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d


F5 CENTRAL
2.     Broken authentication and session management  - https://www.youtube.com/watch?v=mruO75ONWy8&index=2&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD

LUKE BRINER

Phase 6 – Bypassing client-side controls
1.     What is hidden forms in HTML - https://www.youtube.com/watch?v=orUoGsgaYAE 
2.     Bypassing hidden form fields using tamper data - https://www.youtube.com/watch?v=NXkGX2sPw7       I
3.     Bypassing hidden form fields using Burp Suite (Purchase application) - https://www.youtube.com/watch?v=xahvJyUFTfM 
4.     Changing price on eCommerce website using parameter tampering - https://www.youtube.com/watch?v=A-ccNpP06Zg
6.     Cookie tampering with tamper data- https://www.youtube.com/watch?v=NgKXm0lBecc  
7.     Cookie tamper part 2 - https://www.youtube.com/watch?v=dTCt_I2DWgo 
8.     Understanding referer header in depth using Cisco product - https://www.youtube.com/watch?v=GkQnBa3C7WI&t=35s  
9.     Introduction to ASP.NET viewstate - https://www.youtube.com/watch?v=L3p6Uw6SSX   
10.  ASP.NET viewstate in depth - https://www.youtube.com/watch?v=Fn_08JLsrmY
11.  Analyse sensitive data in ASP.NET viewstate - https://msdn.microsoft.com/en-us/library/ms972427.aspx?f=255&MSPPError=-2147217396

Phase 7 – Attacking authentication/login
1.     Attacking login panel with bad password - Guess username password for the website and try different combinations
2.     Brute-force login panel - https://www.youtube.com/watch?v=25cazx5D_vw 
3.     Username enumeration - https://www.youtube.com/watch?v=WCO7LnSlskE
4.     Username enumeration with bruteforce password attack - https://www.youtube.com/watch?v=zf3-pYJU1c4
5.     Authentication over insecure HTTP protocol - https://www.youtube.com/watch?v=ueSG7TUqoxk
6.     Authentication over insecure HTTP protocol - https://www.youtube.com/watch?v=_WQe36pZ3mA
7.     Forgot password vulnerability - case 1 - https://www.youtube.com/watch?v=FEUidWWnZwU 
8.     Forgot password vulnerability - case 2 - https://www.youtube.com/watch?v=j7-8YyYdWL4
9.     Login page autocomplete feature enabled - https://www.youtube.com/watch?v=XNjUfwDmHGc&t=33s
11.  Insecure distribution of credentials - When you register in any website or you request for a password reset using forgot password feature, if the website sends your username and password over the email in cleartext without sending the password reset link, then it is a vulnerability.

Phase 8 – Phase 8 - Attacking access controls (IDOR, Priv esc, hidden files and directories)

Completely unprotected functionalities
1.     Finding admin panel - https://www.youtube.com/watch?v=r1k2lgvK3s0
2.     Finding admin panel and hidden files and directories - https://www.youtube.com/watch?v=Z0VAPbATy1A
3.     Finding hidden webpages with dirbusater - https://www.youtube.com/watch?v=--nu9Jq07gA&t=5s

Insecure direct object reference4.     IDOR case 1 - https://www.youtube.com/watch?v=gci4R9Vkulc
5.     IDOR case 2 - https://www.youtube.com/watch?v=4DTULwuLFS0
6.     IDOR case 3 (zomato) - https://www.youtube.com/watch?v=tCJBLG5Mayo

Privilege escalation
      7.     What is privilege escalation - https://www.youtube.com/watch?v=80RzLSrczm   c
8.     Privilege escalation - Hackme bank - case 1 - https://www.youtube.com/watch?v=g3lv__87cWM
9.     Privilege escalation - case 2 - https://www.youtube.com/watch?v=-i4O_hjc87Y

Phase 9 – Attacking data stores (Various types of injection attacks - SQL|MySQL|NoSQL|Oracle, etc.)

Bypassing login panel
1.     Basics of MySQL - https://www.youtube.com/watch?v=yPu6qV5byu4
2.     Bypassing login panel -case 1 - https://www.youtube.com/watch?v=TSqXkkOt6oM
3.     Bypass login panel - case 2 - https://www.youtube.com/watch?v=J6v_W-LFK1c

SQL injection
12.  Part 12 - POST parameter injection double query based - https://www.youtube.com/watch?v=tjFXWQY4LuA&index=12&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
13.  Part 13 - POST parameter injection blind boolean and time based - https://www.youtube.com/watch?v=411G-4nH5jE&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=10
23.  Part 23 - Bypassing addslashes - charset mismatch - https://www.youtube.com/watch?v=du-jkS6-sbo&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=1 

NoSQL injection
      1.     Abusing NoSQL databases - https://www.youtube.com/watch?v=lcO1BTNh8r     
2.     Making cry - attacking NoSQL for pentesters - https://www.youtube.com/watch?v=NgsesuLpyO  g

Xpath injection
     1.     Detailed introduction - https://www.youtube.com/watch?v=2_UyM6Ea0Yk&t=3102       s
2.     Practical 1 - bWAPP - https://www.youtube.com/watch?v=6tV8EuaHI9   
3.     Practical 2 - Mutillidae - https://www.youtube.com/watch?v=fV0qsqcScI 
4.     Practical 3 - webgoat - https://www.youtube.com/watch?v=5ZDSPVp1Tp           

LDAP injection
      1.     Introduction and practical 1 - https://www.youtube.com/watch?v=-TXFlg7S9k    
2.     Practical 2 - https://www.youtube.com/watch?v=wtahzm_R8e   


Phase 10 – Attacking back-end components (OS command injection, XMl interpreters, mail services, etc.)

OS command injection
      1.   OS command injection in bWAPP - https://www.youtube.com/watch?v=qLIkGJrMY9 




1 comentario:

  1. Slots Casino - Jtmhub.com
    › slots-casino 진주 출장안마 › slots-casino Oct 20, 2021 — Oct 20, 남원 출장마사지 2021 남원 출장샵 The most comprehensive 수원 출장마사지 collection of casino 나주 출장안마 slot machines is available at Jtm's wide selection of slots, video poker machines and table games. Jt Slots Casino offers the

    ResponderEliminar