BalCCon2k15 - Alper Basaran - Introduction to Web Application Penetration Testing скачать в хорошем качестве

BalCCon2k15 - Alper Basaran - Introduction to Web Application Penetration Testing

"Pwn all the apps" This course aims to take beginners through a step by step training on commonly found vulnerabilities such as Cross Site Scripting and SQLinjection The course covers fundamental steps of the web application penetration testing process. Starting with information gathering and moving through common vulnerabilities such as SQL injection, XSS (Cross Site Scripting) and CRSF (Cross Site Request Forgery). Besides vulnerabilities resulting from poor coding practices architectural errors that lead to vulnerabilities such as poor session handling are also covered. The course syllabus is as follows; Introduction to web application security Why do we fail? Web application penetration testing process Information gathering Google dorks Tools we need (BURP Suite, whatweb, netcat, wireshark, etc.) Setting up the lab (Damn Vulnerable Web Application) Finding vulnerabilities XSS BeEF (Browser Exploitation Framework and browser hacking) SQL injection CSRF Session management Flash vulnerabilities HTML5 vulnerabilities The rest of the OWASP Top 10 Conclusion