Web Hacking: Become a Professional Web Pentester

7h 58m 4s
English
Paid
November 4, 2024

This course contains everything to start working as a web pentester. You will learn about exploitation techniques, hacking tools, methodologies, and the whole process of security assessments. It is absolutely hands-on, you will do all the attacks in your own penetration testing environment using the provided applications. The targets are real open-source software. You will have to work hard but at the end you will be able to do web security assessments on your own as a real ethical hacker. 

More

My name is Geri and I am the instructor of this course about web application hacking. If you are interested in hacking and IT security, then this is the perfect place to start. You might be a developer, an IT administrator, or basically anybody with an IT background. With this training you will get everything you need to start working as a professional web penetration tester.
But why would you want to become one? First of all because it is lot's of fun. You can be in the position of an attacker trying to hack various system. Finding vulnerabilities exploiting them and taking over the system. You can find the true hacker in yourself. It is a very creative and exciting job.  

Also the security business is booming now. I get offers every day on LinkedIn, because there is a serious shortage of penetration testers. As companies figure out that they really have to care about security they face the problem that they cannot find people to do that. And it just keeps growing. And because of that you can earn pretty well even as a white hat ethical hacker, so there is no reason to go to the dark side. 

But why should you learn web hacking. Mostly because there is the biggest demand on the market. Wherever you go to work right now as a penetration tester, around 80 % of the projects are web hacking related. This usually because the awareness of web security was already established and because basically everything has a web interface from web application to embedded devices or IoT. Also because that is the fastest to learn. It is because web related technologies are usually text based and are easy to work with. So at the end of the day web pentesting is the fastest to learn and the most searched for so I think it is an obvious choice to start your carrier there. 

But who am I to teach that, you might ask. I work as a penetration tester in Germany. I am lucky to work with the extremely wide spectrum of technologies in my day job. 

I also talk on conferences, when I have the time (google my name).

And I have already made an online hacking course which has 20000+ students, and people seemed to like it. 

But most importantly I know how to become a penetration tester because I did it myself. I was a software quality engineer when I decided to change to pentesting. I did trainings read books to become one. But when I designed this ethical hacking course I tried to figure out what are the most important things you need, based on my own experience. I analysed what I needed the most to become a pentester and  also what we are looking for, when we hire somebody in our team. And I put these topics in this course. So if you learn everything in this ethical hacking course, then I would be glad to work with you, because I would know that I can trust you with doing a web assessment.  

So how is this course looks like. It is absolutely hands on. We are gonna hack real open source applications where you can try every technique and attack yourself. So you will have to get your hands dirty. I will show you everything first and then you can keep experimenting and testing yourself. 

Of course this course is the essentials. I don't like the idea of people calling courses the "complete whatever". In IT generally there is no such thing as complete. There are new systems and technologies born everyday. You will have to learn forever and your knowledge will never be complete. But that is good for two reasons: 

  1. It never gets boring, there will be always something interesting new thing to learn. 
  2. You will be never without job. If you keep up with the developments there will be always something new to do. And as long as there are new systems people will keep screwing up and building insecure stuff. And that's what brings projects to us. 
Requirements:
  • Students need to have IT background.
  • Virtual machines are used in the course, a user level understanding of VMWare or Virtualbox is needed.
Who this course is for:
  • Developers who want to secure their web applications.
  • People who want to become penetration tester.
  • Penetration testers who want extend their portfolio to web applications.
  • Anybody who work in IT or studies it and is interested in web hacking.

What you'll learn:

  • Why hacking is fun
  • Understand web security problems and how to fix them
  • Find security vulnerabilities in web applications
  • Start working as a penetration tester for web applications
  • How traditional and modern web applications work
  • How the process of ethical hacking works
  • Get practical experience in exploiting web applications
  • How to do ethical hacking projects the right way
  • How professional penetration testing works

Watch Online Web Hacking: Become a Professional Web Pentester

Join premium to watch
Go to premium
# Title Duration
1 Introduction 03:34
2 Disclaimer 01:35
3 Methodology 04:52
4 In this section 01:26
5 Setting up the target 08:57
6 Setting up Kali 14:38
7 Setting up the Burp Suite 09:04
8 In this section 00:41
9 How HTTP works 12:37
10 Static HTML 10:19
11 PHP and friends 14:26
12 Modern MVC frameworks 30:01
13 Javascript 14:41
14 Manual discovery 16:52
15 Automated discovery 11:47
16 Session management intro 13:34
17 Session fixation 11:12
18 Weak logout 04:41
19 Same origin policy 07:06
20 CSRF 19:59
21 Securing the session 05:23
22 SSL/TLS 19:59
23 Authentication bypass 07:54
24 Unauthenticated URL access 06:08
25 Password quality 03:30
26 Password brute force 08:02
27 Default accounts 02:38
28 Weak password recovery 04:49
29 Mitigations 03:29
30 Authorization Intro 04:54
31 Manipulating variables 05:16
32 Client side authentication 04:27
33 Mitigations 02:24
34 Reflected XSS 18:01
35 Stored XSS 10:31
36 HTTP header injection 10:55
37 Malicious URL redirection 14:05
38 Exploiting wrong content-type 08:30
39 Mitigations 04:10
40 Malicious file upload 14:24
41 LFI and RFI 14:22
42 OS command injection 13:37
43 SQL injection 17:52
44 UNION Select Attack 12:52
45 Blind SQL injection 13:53
46 Automating SQLi testing 12:05
47 Mitigations 04:08
48 Reporting 05:39
49 Checklist 04:34
50 What's next 07:31

Similar courses to Web Hacking: Become a Professional Web Pentester

System Design for Interviews and Beyond

System Design for Interviews and BeyondMikhail Smarshchok

Duration 7 hours 53 minutes 5 seconds
Statistics Fundamentals

Statistics FundamentalsLunarTech

Duration 2 hours 4 minutes 10 seconds
Windows Server 2016 Administration

Windows Server 2016 Administrationudemy

Duration 10 hours 23 minutes 31 seconds
The Ultimate SAAS Course

The Ultimate SAAS CourseProdigies University

Duration 8 hours 4 minutes 52 seconds