Course details
Web attacks are a major business risk that is hurting the reputation of corporate field.
We have seen in our past time that personal data of users & user accounts are compromised.
Security of major fortune companies like facebook, flickr etc. were compromised and we have the live demonstration & mitigation of those attacks with complete case study.
This is a very comprehensive course on website hacking and mitigation with case studies, assuming that… + Read More
Course details
Web attacks are a major business risk that is hurting the reputation of corporate field.
We have seen in our past time that personal data of users & user accounts are compromised.
Security of major fortune companies like facebook, flickr etc. were compromised and we have the live demonstration & mitigation of those attacks with complete case study.
This is a very comprehensive course on website hacking and mitigation with case studies, assuming that student is a beginner and has no prior experience.
We have even designed our own SQL Lab so that you can try the live demonstrations of this number 1 vulnerability of OWASP as a bonus.
Let's have a look at the course flow now.
- First of all you'll be getting the basic introduction on what types of hackers are there on this earth and how many job opportunities are there in this field.
- We will have a look at the platforms where you can make tons of money by reporting bugs.
- We will setup our own pentesting lab so that you cannot harm anyone.
- We will take a quick crash course on Linux so that you can get friendly with the basic linux commands.
- We will also talk about maintaining anonymity and how to trace the criminals with their mac addresses.
- We will then jump on to the information gathering of the websites because you should have a complete knowledge of the background that you are playing in.
Vulnerabilities :-
- Payment Gateway bypass & OTP Brute forcing :- We will learn that how you can brute force the one time password that is given to the user to verify and how you can manipulate the payment gateway bypass.
- Local File inclusion - This vulnerability can be used to read any file on the target derver, this can exploited to read sensitive files, we will not stop at that though, you will learn two methods to escalate this vulnerability and get a reverse shell connection which gives you full control over the target web server.
- Remote File inclusion - This vulnerability can be load remote files on the target web server, exploiting this vulnerability properly gives you full control over the target web server.
- File upload : This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website .
- Code Execution - This vulnerability allow users to run system code on the target web server, this can be used to execute malicious code and get a reverse shell access which gives the attacker full control over the target web server.
- SQL Injection- This is one of the biggest sections on the course, this is because this is one of the most dangerous vulnerabilities ever, it is found everywhere, not only that but it can be exploited to do all of the things the above vulnerabilities allow us to and more, so it allows you to login as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards ....etc, read files stored in the server, write files to the server and even get a reverse shell access which gives you full control over the web server!
- XSS - This vulnerability can be used to run javascript code on users who access the vulnerable pages, we won't stop at that, you will learn how to steal credentials from users (such as facebook or youtube passwords) and even gain full access to their computer. You will learn all three types (reflected, stored and DOM-based).
- Insecure Session Management - In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you'll also learn how to discover and exploit CSRF (Cross Site Reguest Forgery.
- Brute Force & Dictionary Attacks - In this section you will learn what are these attacks, what is the difference between them and how to launch them, in successful cases you will be able to guess the password for your target login.
All the attacks in this course are practical attacks that work against any real websites, in each vulnerability you will learn the basic exploitation, then you will learn advanced methods that will give you more privileges or allow you to bypass security measurements -- You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid casing them.
NOTE: This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.
Updated on 25 February, 2018 - Read Less
