Web Application Penetration Testing

Authors: Mike Woolard, Lee Allen, Prasad Salvi, Clark Voss, Dawid Czagan, Will Vandevanter

As a security professional, understanding how applications are attacked is the key to defending them. In this skill, Web Application Penetration Testing, you will learn the...

What you will learn

  • Understand web application penetration testing methodology
  • Detail the information gathering process
  • Explain testing for configuration management
  • Test identity management
  • Conduct authentication testing
  • Conduct authorization testing
  • Conduct session management testing
  • Conduct data validation testing
  • Validate error handling
  • Validate cryptography
  • Conduct business logic testing
  • Conduct client side testing

Prerequisites

  • Knowledge of operating systems
  • Knowledge of fundamental networking concepts (such as CompTIA Network+)
  • Knowledge of fundamental information security concepts (such as CompTIA Security+)
  • Knowledge of ethical hacking fundamentals

Web Application Penetration Testing

These courses are based on the OWASP Web Security Testing Guide (WSTG). The WSTG project produces an open source cybersecurity testing resource for web application developers and security professionals: a comprehensive guide to testing the security of web applications and web services. Created through the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.

Web Application Penetration Testing Fundamentals

by Mike Woolard

Jun 13, 2017 / 2h 37m

Description

Whether you are a developer or in security, understanding how applications are attacked is the key to defending them. In this course, Web Application Penetration Testing Fundamentals, you'll learn the framework of a successful web application penetration test. First, you'll begin by exploring everything that goes into the pre-engagement, preparing for the test. Next, you'll delve into various techniques for footprinting the application and the underlying servers. Finally, once you have laid the groundwork, you'll discover the common attacks on application inputs and the various logic flaws development teams make. By the end of this course, you'll have a solid understanding of the basic framework of a web application security assessment, the concepts, and why they are important, so you can relate them back to your own application.

Table of contents
  1. Course Overview
  2. The Principles of a Web Application Penetration Test
  3. Pre-engagement
  4. Footprinting
  5. Attacking User Controls
  6. Attacking Application Inputs
  7. Common Attack Methods
  8. Discovering Logic Flaws
  9. Reporting
  10. Summary

Web Application Penetration Testing: Configuration and Deployment Management Testing

by Lee Allen

Feb 12, 2019 / 2h 10m

Description

Learn how to test the deployed configuration that your applications are released on. In this course, Web Application Penetration Testing: Configuration and Deployment Management Testing, you'll learn how to perform systematic configuration and deployment management testing to ensure that misconfigurations, or mistakes made during application deployment, do not provide opportunities for attackers to compromise infrastructures or applications. First, you'll discover how to validate network and infrastructure configuration. Next, you'll explore testing the platform that applications are deployed upon. Then, you'll learn how to ensure that backup configurations and administrative interfaces do not open you up to attacks. Finally, you'll go through testing cross-domain policies for rich internet applications. By the end of this course, you'll have an understanding of how OWASP testing principles can be leveraged to systematically test configuration and deployment management.

Table of contents
  1. Course Overview
  2. Introduction
  3. Testing Network and Infrastructure Configuration
  4. Testing Application Platform Configuration
  5. Testing File Handling
  6. Looking for Sensitive Information
  7. Enumerating and Attacking Administrative Interfaces
  8. Testing HTTP Methods
  9. Testing Cross-domain Policy for Rich Internet Applications (RIA)
  10. Validating HTTP Strict Transport Security Headers (HSTS)
  11. Course Wrap Up

Penetration Testing of Identity, Authentication and Authorization Mechanism

by Prasad Salvi

Aug 12, 2019 / 56m

Description

Hackers are getting access to your sensitive data by exploiting web application vulnerabilities. In this course, Penetration Testing of Identity, Authentication and Authorization Mechanism, you will gain the ability to perform web application pentesting. First, you will learn about identity management. Next, you will discover how to crack a website's authentication. Finally, you will explore how to bypass authorization mechanisms. When you're finished with this course, you will have the skills and knowledge of web application penetration testing needed to perform different attack scenarios.

Table of contents
  1. Course Overview
  2. Testing Identity Management
  3. Breaking the Authentication Mechanism
  4. Bypassing Authorization to Gain Unauthorized Access
  5. Summary and Wrap Up

Web Application Penetration Testing: Session Management Testing

by Clark Voss

Mar 8, 2018 / 2h 45s

Description

Poorly implemented session management can allow an attacker to exploit weak controls and gain access to sensitive information. In Web Application Penetration Testing: Session Management Testing, you'll learn how to find those vulnerabilities before the bad guys do. First, you'll explore cookies, what to look for during a pen test, and how you can brute force your way past the login prompt. Next, you'll learn how easy it can be to hijack someone else's session with session fixation. Finally, you'll discover what session puzzling is and how to leverage it as an attacker. When you're finished with this course, you'll have a solid understanding of what to look for while penetration testing session management.

Table of contents
  1. Course Overview
  2. Course Introduction
  3. Testing for Bypassing Session Management Schema
  4. Testing for Cookie Attributes
  5. Testing for Session Fixation
  6. Testing for Exposed Session Variables
  7. Testing for Cross-site Request Forgery
  8. Testing for Logout Functionality
  9. Testing Session Timeout
  10. Testing Session Puzzling
  11. Course Wrap-up

Web Application Penetration Testing: Input Validation

by Dawid Czagan

Mar 6, 2020 / 49m

Description

Improper input validation can lead to very severe consequences. In this course, Web Application Penetration Testing: Input Validation, you will learn how to test for input validation in modern web applications. First, you will learn about a cross-site scripting attack and AngularJS template injection. You will see how the attacker can steal a user’s password as a result of a cross-site scripting attack. I will also present how the attacker can proceed from AngularJS template injection to cross-site scripting. Next, you will explore XML external entity attacks and HTTP parameter pollution. You will see how the attacker can read the content of sensitive files from the web server as a result of an XML external entity attack. You will also see how the attacker can bypass authorization as a result of HTTP parameter pollution. Finally, you will discover SQL injection and Insecure Direct Object Reference. You will see how the attacker can bypass password verification as a result of SQL injection. You will also see how the attacker can gain unauthorized access to the account of another user as a result of Insecure Direct Object Reference. By the end of this course, you will know how to test for input validation in modern web applications and how to provide countermeasures for different types of attacks related to improper input validation.

Table of contents
  1. Course Overview
  2. Testing for Cross-Site Scripting and AngularJS Template Injection
  3. Testing for XML External Entity Attack and HTTP Parameter Pollution
  4. Testing for SQL Injection and Insecure Direct Object Reference

Web Application Penetration Testing: Insecure Error Handling

by Dawid Czagan

Feb 11, 2020 / 48m

Description

Insecure error handling can lead to very severe consequences, and that's the reason why this subject is interesting for penetration testers. In this course, Web Application Penetration Testing: Insecure Error Handling, you will learn how to test for insecure error handling in modern web applications. First, you will discover different types of insecure web server errors. You will see what dangers can arise when the web server version is disclosed in an error message. You will also see how the attacker can steal sensitive data as a result of a cross-site scripting attack via an error message. Next, you will learn about insecure error handling in the context of login functionality, which is one of the most sensitive functionalities in web applications. You will see how to test for user enumeration via error messages and how to test for insecure handling of many unsuccessful login attempts. Finally, you will explore some of the most dangerous errors in modern web applications (unhandled exceptions and file inclusion errors). You will see how the attacker can learn sensitive data as a result of triggering an unhandled exception. You will also see how the attacker can proceed from file inclusion errors to reading the content of sensitive files. By the end of this course, you will know how to test for insecure error handling in modern web applications and how to prevent these problems from happening.

Table of contents
  1. Course Overview
  2. Triggering Web Server Errors
  3. Identifying Login Functionality Errors
  4. Finding Unhandled Exceptions and File Inclusion Errors

Web Application Penetration Testing: Weak Cryptography

by Dawid Czagan

Apr 20, 2020 / 51m

Description

Weak cryptography can lead to very severe consequences. In this course, Web Application Penetration Testing: Weak Cryptography, you will learn how to test for weak cryptography in modern web applications. First, you will learn about HTTPS enforcement and insecure cookie processing. You will see that users' credentials can be disclosed over an insecure channel when HTTPS enforcement is not implemented in the web application. You will also see a demonstration in which a cookie with sensitive data is disclosed over an insecure channel, even though HTTPS is enforced in the web application. Next, you will explore Transport Layer Protection, the Heartbleed vulnerability, and the mixed content vulnerability. You will see how to check whether Transport Layer Protection is configured securely in your web application, and how the attacker can read sensitive data from the memory of the web server as a result of the Heartbleed vulnerability (one of the most famous vulnerabilities in crypto libraries). You will also see what dangers can arise when there is a mixed content vulnerability in your web application. Finally, you will discover session randomness analysis, insecure password storage, and Subresource Integrity protection. You will see how you can analyze the randomness of session IDs in your web application with Burp Suite Sequencer. You will learn why you should store a hash of the password (instead of the password in plaintext) and how it can solve your problems with insecure password storage. You will also learn how Subresource Integrity can be used to protect the integrity of scripts and style sheets in your web applications. By the end of this course, you will know how severe the consequences of weak cryptography can be, and you will also know how to test for weak cryptography in modern web applications.

Table of contents
  1. Course Overview
  2. Testing for HTTPS Enforcement and Insecure Cookie Processing
  3. Testing for Transport Layer Protection, Heartbleed, Mixed Content
  4. Identifying Problems with Session, Password Storage, Integrity

Web Application Penetration Testing: Client-side Testing

by Prasad Salvi

Aug 12, 2020 / 1h 7m

Description

Hackers are getting access to your sensitive data by exploiting client-side vulnerabilities. In this course, Web Application Penetration Testing: Client-side Testing, you will gain the ability to perform different client-side attack techniques. First, you will learn about Cross-Site Scripting (XSS) attacks. Next, you will discover how to test for HTML injection and URL redirects. Finally, you will learn how to test for clickjacking attacks and how to test local and session storage. When you're finished with this course, you will have the skills and knowledge of client-side testing needed to perform web application penetration testing and mitigate those attacks.

Table of contents
  1. Course Overview
  2. Exploiting Cross Site Scripting Attacks
  3. Testing Client-side Redirects, HTML Injection, and ClickJacking
  4. Testing Different Types of Storage: Web/Local/Session

Writing Penetration Testing Reports

by Will Vandevanter

Aug 15, 2017 / 2h 7s

Description

Writing penetration testing reports is a critical skill. Reporting occupies a considerable portion of your time on an assessment, it's a required skill on your career path, and reports are the primary deliverable to a customer on every engagement. In this course, Writing Penetration Testing Reports, you'll learn how to write a penetration testing report. First, you'll discover how to report on the results of a penetration test. Next, you'll explore tips to become more effective at the reporting process. Finally, you'll learn how to save time while reporting. By the end of this course, you'll have a better understanding of how to write penetration testing reports.

Table of contents
  1. Course Overview
  2. Welcome to Writing Penetration Testing Reports
  3. Scaffolding to Create Better Reports
  4. Building on to the Scaffold
  5. Optional Components of the Deliverable
  6. After the Draft Is Written