Web Application Penetration Testing Fundamentals

If you are in charge of building or testing web applications, being familiar with fundamental issues hackers take advantage of is key to defending your product, and your business. In this course, you'll learn the fundamentals of web app pen testing.
Course info
Rating: (19)
Level: Intermediate
Updated: Jun 13, 2017
Duration: 2h 38m
Description

Whether you are a developer or in security, understanding how applications are attacked is the key to defending them. In this course, Web Application Penetration Testing Fundamentals, you'll learn the framework of a successful web application penetration test. First, you'll begin by exploring everything that goes into the pre-engagement, preparing for the test. Next, you'll delve into various techniques for footprinting the application and the underlying servers. Finally, once you lay the groundwork, you'll discover all the common attacks on application inputs and various logic flaws development teams make. By the end of this course, you'll have a solid understanding of the basic framework of web application security assessment, the concepts, and why they are important, so you can relate it back to your own application.

About the author

Mike is an information security manager who has worked in the IT field for 17+ years. The focus of Mike's career now centers on pentesting and risk assessments. He is an active member of the infosec community and attends or speaks at various conferences.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Mike Woolard, and welcome to my course, Web Application Penetration Testing Fundamentals. We need to protect the front door of our businesses. That's why all the various international standards require site owners to bring in hired, third-party hackers to test the application by using the latest techniques to find vulnerabilities in the code. The techniques may have changed over time, but they are all built upon the same principles, which we will cover in this course. The main topics we're going to cover include setting up the pentest, the different types of tests that can be conducted, and the pre-engagement work that goes into preparing for a test. Footprinting. It is important to understand what you are attacking and where possible attacks may work so you're not going in blind. Inputs and methods of the attack. We will spend some of the time looking at all the different inputs of the application, talking about common ways they are vulnerable, and then various methods that can be used to attack those inputs. We will take that a step further and talk about logic flaws. Logic is what separates manual pentesting from automated and an important piece of the pentest. Finally, reporting. What good is performing all this work if no one knows what you did and what you found? By the end of this course, you will have a solid understanding of the basic framework of a web application security assessment. Whether you are a developer or in security, understanding how the applications are attacked is key to defending them. I hope you'll join me on this journey as we start the process to learn how to run your own web application pentest with the Web Application Penetration Testing Fundamentals course here at Pluralsight.