Web App Penetration Testing & Bug Bounty Hunting
This course is for Absolute Beginners to Expert levels and Freshers out of College who want to start career with Web Security.
This course is for Absolute Beginners to Expert levels. A variety of applications with known Web Security vulnerabilities and Web App Penetration Testing.
- Setting up a web app pentesting lab
- Burp Suite
- Testing for account enumeration and guessable accounts
- Weak lock-out mechanisms
- Testing for bypassing authentication schemes
- Browser cache weaknesses
- Testing the account provisioning process via REST API
- Testing for directory traversal
- Local File Include (LFI)
- Remote File Include (RFI)
- Testing for privilege escalation
- IDOR
- Testing session token strength using Sequencer
- Testing for cookie attributes
- Testing for session fixation
- Exposed session variables
- Cross-Site Request Forgery
- Testing business logic data validation
- Unrestricted file upload – bypassing weak validation
- Performing process-timing attacks
- Testing for the circumvention of workflows
- Uploading malicious files – polyglots
- Reflected cross-site scripting
- Stored cross-site scripting
- Testing for HTTP verb tampering
- HTTP Parameter Pollution
- Testing for SQL injection
- Command injection
Web App Penetration Testing - Home LAB.
1 - How To Setup A Virtual Penetration Testing Lab
2 - Listening for HTTP traffic, using Burp
3 - Getting to Know the Burp Suite of Tools, Know the Burp Suite
4 - Assessing Authentication Schemes
5 - Assessing Authorization Checks
6 - Assessing Session Management Mechanisms
7 - Assessing Business Logic
8 - Evaluating Input Validation Checks
Above mentioned points will cover in this course which is help you to find Web Security Vulnerabilities and Web App Penetration testing