
Web Application Penetration Testing Course URLs.docx

Course in web security for your application/website - Sourceful

security, software, web development

Web Application Penetration Testing





Phase 1 – History



1. History of Internet - https://www.youtube.com/watch?v=9hIQjrMHTv4



Phase 2 – Web and Server Technology



2. Basic concepts of web applications, how they work and the HTTP protocol - https://www.youtube.com/watch?v=RsQ1tFLwldY&t=7s

3. HTML basics part 1 - https://www.youtube.com/watch?v=p6fRBGI_BY0

4. HTML basics part 2 - https://www.youtube.com/watch?v=Zs6lzuBVK2w

5. Difference between static and dynamic website - https://www.youtube.com/watch?v=hlg6q6OFoxQ

6. HTTP protocol Understanding - https://www.youtube.com/watch?v=JFZMyhRTVt0

7. Parts of HTTP Request - https://www.youtube.com/watch?v=pHFWGN-upGM

8. Parts of HTTP Response - https://www.youtube.com/watch?v=c9sMNc2PrMU

9. Various HTTP Methods - https://www.youtube.com/watch?v=PO7D20HsFsY

10. Understanding URLs - https://www.youtube.com/watch?v=5Jr-_Za5yQM

11. Intro to REST - https://www.youtube.com/watch?v=YCcAE2SCQ6k

12. HTTP Request & Response Headers - https://www.youtube.com/watch?v=vAuZwirKjWs

13. What is a cookie - https://www.youtube.com/watch?v=I01XMRo2ESg

14. HTTP Status codes - https://www.youtube.com/watch?v=VLH3FMQ5BIQ

15. HTTP Proxy - https://www.youtube.com/watch?v=qU0PVSJCKcs

16. Authentication with HTTP - https://www.youtube.com/watch?v=GxiFXUFKo1M

17. HTTP basic and digest authentication - https://www.youtube.com/watch?v=GOnhCbDhMzk

18. What is “Server-Side” - https://www.youtube.com/watch?v=JnCLmLO9LhA

19. Server and client side with example - https://www.youtube.com/watch?v=DcBB2Fp8WNI

20. What is a session - https://www.youtube.com/watch?v=WV4DJ6b0jhg&t=202s

21. Introduction to UTF-8 and Unicode - https://www.youtube.com/watch?v=sqPTR_v4qFA

22. URL encoding - https://www.youtube.com/watch?v=Z3udiqgW1VA

23. HTML encoding - https://www.youtube.com/watch?v=IiAfCLWpgII&t=109s

24. Base64 encoding - https://www.youtube.com/watch?v=8qkxeZmKmOY

25. Hex encoding & ASCII - https://www.youtube.com/watch?v=WW2SaCMnHdU











Phase 3 – Setting up the lab with BurpSuite and bWAPP



MANISH AGRAWAL



26. Setup lab with bWAPP - https://www.youtube.com/watch?v=dwtUn3giwTk&index=1&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

27. Set up Burp Suite - https://www.youtube.com/watch?v=hQsT4rSa_v0&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=2

28. Configure Firefox and add certificate - https://www.youtube.com/watch?v=hfsdJ69GSV4&index=3&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

29. Mapping and scoping website - https://www.youtube.com/watch?v=H-_iVteMDRo&index=4&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

30. Spidering - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5

31. Active and passive scanning - https://www.youtube.com/watch?v=1Mjom6AcFyU&index=6&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

32. Scanner options and demo - https://www.youtube.com/watch?v=gANi4Kt7-ek&index=7&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

33. Introduction to password security - https://www.youtube.com/watch?v=FwcUhcLO9iM&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=8

34. Intruder - https://www.youtube.com/watch?v=wtMg9oEMTa8&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=9

35. Intruder attack types - https://www.youtube.com/watch?v=N5ndYPwddkQ&index=10&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

36. Payload settings - https://www.youtube.com/watch?v=5GpdlbtL-1Q&index=11&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

37. Intruder settings - https://www.youtube.com/watch?v=B_Mu7jmOYnU&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=12



ÆTHER SECURITY LAB



38. No.1 Penetration testing tool - https://www.youtube.com/watch?v=AVzC7ETqpDo&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=1

39. Environment Setup - https://www.youtube.com/watch?v=yqnUOdr0eVk&index=2&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA

40. General concept - https://www.youtube.com/watch?v=udl4oqr_ylM&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=3

41. Proxy module - https://www.youtube.com/watch?v=PDTwYFkjQBE&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=4

42. Repeater module - https://www.youtube.com/watch?v=9Zh_7s5csCc&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=5

43. Target and spider module - https://www.youtube.com/watch?v=dCKPZUSOlr8&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=6

44. Sequencer and scanner module - https://www.youtube.com/watch?v=G-v581pXerE&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=7



Phase 4 – Mapping the application and attack surface



45. Spidering - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5

46. Mapping application using robots.txt - https://www.youtube.com/watch?v=akuzgZ75zrk

47. Discover hidden content using DirBuster - https://www.youtube.com/watch?v=--nu9Jq07gA

48. DirBuster in detail - https://www.youtube.com/watch?v=2tOQC68hAcQ

49. Discover hidden directories and files with Intruder - https://www.youtube.com/watch?v=4Fz9mJeMNkI

50. Directory bruteforcing 1 - https://www.youtube.com/watch?v=ch2onB_LFoI

51. Directory bruteforcing 2 - https://www.youtube.com/watch?v=ASMW_oLbyIg

52. Identify application entry points - https://www.youtube.com/watch?v=IgJWPZ2OKO8&t=34s

53. Identify application entry points - https://www.owasp.org/index.php/Identify_application_entry_points_(OTG-INFO-006)

54. Identify client and server technology - https://www.youtube.com/watch?v=B8jN_iWjtyM

55. Identify server technology using banner grabbing (telnet) - https://www.youtube.com/watch?v=O67M-U2UOAg

56. Identify server technology using httprecon - https://www.youtube.com/watch?v=xBBHtS-dwsM

57. Pentesting with Google dorks Introduction - https://www.youtube.com/watch?v=NmdrKFwAw9U

58. Fingerprinting web server - https://www.youtube.com/watch?v=tw2VdG0t5kc&list=PLxLRoXCDIalcRS5Nb1I_HM_OzS10E6lqp&index=10

59. Use Nmap for fingerprinting web server - https://www.youtube.com/watch?v=VQV-y_-AN80

60. Review web server metafiles for information leakage - https://www.youtube.com/watch?v=sds3Zotf_ZY

61. Enumerate applications on web server - https://www.youtube.com/watch?v=lfhvvTLN60E

62. Identify application entry points - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLDeogY2Qr-tGR2NL2X1AR5Zz9t1iaWwlM

63. Map execution path through application - https://www.youtube.com/watch?v=0I0NPiyo9UI

64. Fingerprint web application frameworks - https://www.youtube.com/watch?v=ASzG0kBoE4c



Phase 5 – Understanding and exploiting OWASP Top 10 vulnerabilities



65. A closer look at all OWASP Top 10 vulnerabilities - https://www.youtube.com/watch?v=avFR_Af0KGk



IBM



66. Injection - https://www.youtube.com/watch?v=02mLrFVzIYU&index=1&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d

67. Broken authentication and session management - https://www.youtube.com/watch?v=iX49fqZ8HGA&index=2&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d

68. Cross-site scripting - https://www.youtube.com/watch?v=x6I5fCupLLU&index=3&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d

69. Insecure direct object reference - https://www.youtube.com/watch?v=-iCyp9Qz3CI&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=4

70. Security misconfiguration - https://www.youtube.com/watch?v=cIplXL8idyo&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=5

71. Sensitive data exposure - https://www.youtube.com/watch?v=rYlzTQlF8Ws&index=6&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d

72. Missing functional level access controls - https://www.youtube.com/watch?v=VMv_gyCNGpk&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=7

73. Cross-site request forgery - https://www.youtube.com/watch?v=_xSFm3KGxh0&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=8

74. Using components with known vulnerabilities - https://www.youtube.com/watch?v=bhJmVBJ-F-4&index=9&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d

75. Unvalidated redirects and forwards - https://www.youtube.com/watch?v=L6bYKiLtSL8&index=10&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d





F5 CENTRAL



76. Injection - https://www.youtube.com/watch?v=rWHvp7rUka8&index=1&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD

77. Broken authentication and session management - https://www.youtube.com/watch?v=mruO75ONWy8&index=2&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD

78. Insecure deserialisation - https://www.youtube.com/watch?v=nkTBwbnfesQ&index=8&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD

79. Sensitive data exposure - https://www.youtube.com/watch?v=2RKbacrkUBU&index=3&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD

80. Broken access control - https://www.youtube.com/watch?v=P38at6Tp8Ms&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD&index=5

81. Insufficient logging and monitoring - https://www.youtube.com/watch?v=IFF3tkUOF5E&index=10&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD

82. XML external entities - https://www.youtube.com/watch?v=g2ey7ry8_CQ&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD&index=4

83. Using components with known vulnerabilities - https://www.youtube.com/watch?v=IGsNYVDKRV0&index=9&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD

84. Cross-site scripting - https://www.youtube.com/watch?v=IuzU4y-UjLw&index=7&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD

85. Security misconfiguration - https://www.youtube.com/watch?v=JuGSUMtKTPU&index=6&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD



LUKE BRINER



86. Injection explained - https://www.youtube.com/watch?v=1qMggPJpRXM&index=1&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X

87. Broken authentication and session management - https://www.youtube.com/watch?v=fKnG15BL4AY&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=2

88. Cross-site scripting - https://www.youtube.com/watch?v=ksM-xXeDUNs&index=3&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X

89. Insecure direct object reference - https://www.youtube.com/watch?v=ZodA76-CB10&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=4

90. Security misconfiguration - https://www.youtube.com/watch?v=DfFPHKPCofY&index=5&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X

91. Sensitive data exposure - https://www.youtube.com/watch?v=Z7hafbGDVEE&list

Info
Tags Security, Software, Web development
Type Google Doc
Published 13/07/2020, 17:53:20
