Web Application Penetration Testing: Input Validation

Dawid Czagan

49:52

  • 01-Course Overview.mp4
    02:19
  • 02-Overview - Cross-Site Scripting.mp4
    02:56
  • 03-Demo - Cross-Site Scripting.mp4
    04:29
  • 04-Overview - AngularJS Template Injection.mp4
    03:26
  • 05-Demo - AngularJS Template Injection.mp4
    04:01
  • 06-Summary.mp4
    01:30
  • 07-Overview - XML External Entity Attack.mp4
    03:58
  • 08-Demo - XML External Entity Attack.mp4
    03:07
  • 09-Overview - HTTP Parameter Pollution.mp4
    03:14
  • 10-Demo - HTTP Parameter Pollution.mp4
    04:22
  • 11-Summary.mp4
    01:27
  • 12-Overview - SQL Injection.mp4
    06:01
  • 13-Demo - SQL Injection.mp4
    02:37
  • 14-Overview - Insecure Direct Object Reference.mp4
    03:19
  • 15-Demo - Insecure Direct Object Reference.mp4
    01:25
  • 16-Summary.mp4
    01:41
    Description

    In this course, you’ll learn how to test for input validation in web applications. The majority of attacks on web applications are related to improper input validation and that’s the reason why this subject is interesting for penetration testers.

    What You'll Learn?


      Improper input validation can lead to very severe consequences. In this course, Web Application Penetration Testing: Input Validation, you will learn how to test for input validation in modern web applications. First, you will learn about a cross-site scripting attack and AngularJS template injection. You will see how the attacker can steal a user’s password as a result of a cross-site scripting attack. I will also present how the attacker can proceed from AngularJS template injection to cross-site scripting. Next, you will explore XML external entity attacks and HTTP parameter pollution. You will see how the attacker can read the content of sensitive files from the web server as a result of an XML external entity attack. You will also see how the attacker can bypass authorization as a result of HTTP parameter pollution. Finally, you will discover SQL injection and Insecure Direct Object Reference. You will see how the attacker can bypass password verification as a result of SQL injection. You will also see how the attacker can gain unauthorized access to the account of another user as a result of Insecure Direct Object Reference. By the end of this course, you will know how to test for input validation in modern web applications and how to provide countermeasures for different types of attacks related to improper input validation.

    Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings. He has delivered security training courses at key industry conferences, such as Hack In The Box, CanSecWest, 44CON, Hack In Paris, DeepSec, BruCON, and for many corporate clients. His students include security specialists from Oracle, Adobe, Red Hat, Trend Micro, Philips, ESET, ING, and the government sector. Dawid Czagan is founder and CEO at Silesia Security Lab, which delivers specialized security auditing and training services.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 16
    • Duration: 49:52
    • Level: average
    • Release date: 2023/12/06