Web Hacking Expert - Full-Stack Exploitation Mastery

Focused View

Dawid Czagan

4:46:52

5 View

Chapter 1 - Introduction to the Course

1. Introduction.mp4

02:13

Chapter 2 - Bypassing Content Security Policy in Modern Web Applications

1. Introduction to the Section.mp4

01:49

2. Bypassing CSP through ajax.googleapis.com.mp4

17:27

3. Bypassing CSP through Flash File.mp4

10:43

4. Bypassing CSP through Polyglot File.mp4

16:38

5. Bypassing CSP through AngularJS.mp4

17:49

Chapter 3 - Hacking Web Applications through PDFs Images and Links

1. Introduction to the Section.mp4

01:30

2. Token Hijacking through PDF - Part 1.mp4

10:18

3. Token Hijacking through PDF - Part 2.mp4

15:49

4. XSS through Image - Part 1.mp4

04:08

5. XSS through Image - Part 2.mp4

05:49

6. User Redirection through window.opener Tabnabbing - Part 1.mp4

10:28

7. User Redirection through window.opener Tabnabbing - Part 2.mp4

03:26

Chapter 4 - Hacking AngularJS Applications

1. Introduction to the Section.mp4

03:36

2. AngularJS - Template Injection and scope Hacking - Part 1.mp4

05:05

3. AngularJS - Template Injection and scope Hacking - Part 2.mp4

18:12

4. AngularJS - Going Beyond the scope.mp4

18:50

5. AngularJS - Hacking a Static Template.mp4

25:11

6. Summary - Hacking AngularJS Applications.mp4

03:05

Chapter 5 - Exploiting Race Conditions in Web Applications

1. Introduction to the Section.mp4

01:54

2. Exploiting Race Conditions - Case 1 (Part1).mp4

11:28

3. Exploiting Race Conditions - Case 1 (Part2).mp4

08:34

4. Exploiting Race Conditions - Case 2.mp4

10:51

5. Case Studies of Award-Winning Race Condition Attacks.mp4

02:34

Chapter 6 - Full-Stack Attacks on Modern Web Applications

1. Introduction to the Section.mp4

01:17

2. HTTP Parameter Pollution - Part 1.mp4

06:02

3. HTTP Parameter Pollution - Part 2.mp4

10:20

4. Subdomain Takeover - Part 1.mp4

10:29

5. Subdomain Takeover - Part 2.mp4

02:36

6. Account Takeover through Clickjacking - Part 1.mp4

24:08

7. Account Takeover through Clickjacking - Part 2.mp4

04:33

Description

Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. There is no room for classical web application hacking to exploit modern full-stack web apps and therefore, modern-day exploit methods will be showcased here. In this course, it will be shown to you how hackers can bypass Content Security Policy (CSP) which is the most powerful defensive technology in modern web applications. Then during this course, it will also be demonstrated how web applications can be hacked through PDFs, images, and links. You will also learn how hackers can steal secrets from AngularJS applications, which are very popular these days. Before concluding the course, you will understand how to exploit race conditions in web applications and how serious the consequences of this attack can be. At the end of this course, you would have gained knowledge about other powerful, full-stack attacks on modern web applications such as HTTP parameter pollution, subdomain takeover, and clickjacking.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Ethical Hacking

Penetration Testing

Dawid Czagan

Instructor's Courses

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings. He has delivered security training courses at key industry conferences, such as Hack In The Box, CanSecWest, 44CON, Hack In Paris, DeepSec, BruCON, and for many corporate clients. His students include security specialists from Oracle, Adobe, Red Hat, Trend Micro, Philips, ESET, ING, and the government sector. Dawid Czagan is founder and CEO at Silesia Security Lab, which delivers specialized security auditing and training services.

PacktPub

View courses PacktPub

Packt is a publishing company founded in 2003 headquartered in Birmingham, UK, with offices in Mumbai, India. Packt primarily publishes print and electronic books and videos relating to information technology, including programming, web design, data analysis and hardware.