This course introduces application security testing, focusing on fundamental tradecraft and vulnerability exploitation. Topics of interest include web application reconnaissance; reflected, stored, and DOM-based cross-site scripting (XSS); secure session and cookie management; cross-site request forgery (CSRF); and SQL injection. The course will incorporate a balance of web application security theory and hands-on lab exercises, beginning with basic zero-touch techniques and culminating in achieving both server- and client-side remote code execution.
Prereqs: This is a professional series course. It is highly recommended that students take and complete Pentesting 101 & Pentesting 102 before taking this course.
Status: Pre-Order December 20th, 2023
Course Author: Gabriel Ryan @s0lst1c3 / hackn.com
Format: Digital Learn-On-Demand (4-5hrs)
High-Level Outline
- Section 1: Introductions
- Section 2: Introduction to Web Application Pentesting
- Section 3: Information Gathering
- Section 4: Cross-Site Scripting (XSS)
- Section 5: Basic SQL Injections - Part 1
- Section 6: Basic SQL Injections - Part 2
- Section 7: Conclusion
Disclaimer - Our courses and the skills taught within are designed for authorized/legal security testing and ethical hacking only. By watching, you agree not to use any of the skills, tools, techniques, or tradecraft for any illicit purposes.