Version v.1.0
lecture: Introduction to Web Application Penetration Testing
"Pwn all the apps"
This course aims to take beginners through step-by-step training on commonly found vulnerabilities such as Cross Site Scripting and SQL injection.
The course covers the fundamental steps of the web application penetration testing process, starting with information gathering and moving through common vulnerabilities such as SQL injection, XSS (Cross Site Scripting) and CSRF (Cross Site Request Forgery). Besides vulnerabilities resulting from poor coding practices, architectural errors that lead to vulnerabilities, such as poor session handling, are also covered.
The course syllabus is as follows:
- Introduction to web application security
- Why do we fail?
- Web application penetration testing process
- Information gathering
- Google dorks
- Tools we need (Burp Suite, WhatWeb, netcat, Wireshark, etc.)
- Setting up the lab (Damn Vulnerable Web Application)
- Finding vulnerabilities
- XSS
- BeEF (Browser Exploitation Framework and browser hacking)
- SQL injection
- CSRF
- Session management
- Flash vulnerabilities
- HTML5 vulnerabilities
- The rest of the OWASP Top 10
- Conclusion
Info
Day: 2015-09-11
Start time: 17:15
Duration: 02:00
Room: Milankovic
Speakers
Alper Basaran