Ethical Hacking: Hacking Web Applications

Focused View

Troy Hunt

4:49:02

23 View

01 - Overview.mp4

02:32

02 - The State of Web Application Security.mp4

03:37

03 - Understanding Web Application Security.mp4

05:42

04 - Query Strings, Routing, and HTTP Verbs.mp4

08:47

05 - The Discoverability of Client Security Constructs.mp4

03:52

06 - Protections Offered by Browsers.mp4

08:30

07 - What the Browser Cant Defend Against.mp4

02:26

08 - Whats Not Covered in This Course.mp4

01:26

09 - Summary.mp4

02:08

10 - Overview.mp4

02:16

11 - Spidering with NetSparker.mp4

06:01

12 - Forced Browsing with Burp Suite.mp4

09:24

13 - Directory Traversal.mp4

04:27

14 - Banner Grabbing with Wget.mp4

02:35

15 - Server Fingerprinting with Nmap.mp4

03:48

16 - Discovery of Development Artefacts with Acunetix.mp4

03:39

17 - Discovery of Services via Generated Documentation.mp4

04:20

18 - Discovering Framework Risks.mp4

02:55

19 - Identifying Vulnerable Targets with Shodan.mp4

01:48

20 - Summary.mp4

01:49

21 - Overview.mp4

02:00

22 - OWASP and the Top 10 Web Application Security Risks.mp4

02:18

23 - Understanding Untrusted Data.mp4

05:46

24 - Parameter Tampering.mp4

06:11

25 - Hidden Field Tampering.mp4

03:39

26 - Mass Assignment Attacks.mp4

04:29

27 - Cookie Poisoning.mp4

02:50

28 - Insecure Direct Object References.mp4

04:29

29 - Defending Against Tampering.mp4

04:35

30 - Summary.mp4

01:34

31 - Overview.mp4

02:06

32 - Reflected Cross Site Scripting (XSS).mp4

09:33

33 - Persistent Cross Site Scripting (XSS).mp4

05:30

34 - Defending Against XSS Attacks.mp4

03:39

35 - Identifying XSS Risks and Evading Filters.mp4

03:25

36 - Client Only Validation.mp4

07:26

37 - Insufficient Transport Layer Security.mp4

08:15

38 - Cross Site Request Forgery (CSRF).mp4

07:36

39 - Summary.mp4

02:40

40 - Overview.mp4

02:55

41 - Understanding Weaknesses in Identity Management.mp4

02:48

42 - Identity Enumeration.mp4

08:03

43 - Weaknesses in the Remember Me Feature.mp4

04:51

44 - Resources Missing Access Controls.mp4

02:27

45 - Insufficient Access Controls.mp4

04:06

46 - Privilege Elevation.mp4

03:15

47 - Summary.mp4

02:10

48 - Overview.mp4

02:25

49 - Understanding DoS.mp4

03:46

50 - Exploiting Password Resets.mp4

02:49

51 - Exploiting Account Lockouts.mp4

05:10

52 - Distributed Denial of Service (DDoS).mp4

04:39

53 - Automating DDoS Attacks with LOIC.mp4

04:59

54 - DDoS as a Service.mp4

03:21

55 - Features at Risk of a DDoS Attack.mp4

03:33

56 - Other DDoS Attacks and Mitigations.mp4

09:39

57 - Summary.mp4

02:40

58 - Overview.mp4

02:33

59 - Improper Error Handling.mp4

06:35

60 - Understanding Salted Hashes.mp4

05:48

61 - Insecure Cryptographic Storage.mp4

07:42

62 - Unvalidated Redirects and Forwards.mp4

06:38

63 - Exposed Exceptions Logs with ELMAH.mp4

04:43

64 - Vulnerabilities in Web Services.mp4

08:06

65 - Summary.mp4

03:18

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Understanding how to detect and identify risks in your web applications is absolutely critical. This course goes through the risks in depth.

What You'll Learn?

Pluralsight is not an official partner or accredited training center of EC-Council. The security profile of web applications is enormously important when it comes to protecting sensitive customer data, financial records, and reputation. Yet, web applications are frequently the target of malicious actors who seek to destroy these things by exploiting vulnerabilities in the software. Most attacks against web applications exploit well known vulnerabilities for which tried and tested defenses are already well-established. Learning these patterns – both those of the attacker and the defender – is essential for building the capabilities required to properly secure applications on the web today. In this course, we'll look a range of different security paradigms within web applications both conceptually and in practice. They'll be broken down into detail, exploited, and then discussed in the context of how the attacks could have been prevented. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Web App Development

Ethical Hacking

Troy Hunt

Instructor's Courses

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security, an ASPInsider, and a full time Author for Pluralsight—a leader in online training for technology and creative professionals. Troy has been building software for browsers since the very early days of the web and possesses an exceptional ability to distill complex subjects into relatable explanations. This has led Troy to become an industry thought leader in the security space and produce more than twenty top-rated courses for Pluralsight. Currently, Troy is heavily involved in Have I been pwned? (HIBP) a free service that aggregates data breaches and helps people establish potential impacts from malicious web activity. Troy blogs regularly about web security and is a frequent speaker at industry conferences across the globe and throughout the media to discuss a wide range of technologies. Troy has been featured in a number of articles with publications including Forbes, TIME magazine, Mashable, PCWorld, ZDNet and Yahoo! Tech. Aside from technology and security, Troy is an avid snowboarder, windsurfer and tennis player

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.