£149.99
On-Demand course
3 hours
All levels
An intermediate-level training that will help you learn how hackers find SQL injections with Sqlmap, web application security testing with Google Hacking, fuzzing with Burp Suite, and exploiting race conditions with OWASP ZAP. You will learn how to use these tools in your penetration testing projects and use them to protect your web applications.
Ethical hackers and penetration testers need a very good toolbox to do their job efficiently. They also need to learn, step by step, how to use the tools in this toolbox, and that's exactly what this course delivers. In this course, we will demonstrate Sqlmap, which is the most powerful tool for automated SQL injection detection and exploitation. The course will also present Google Hacking and show you how it can be used to find security weaknesses in web applications. Later in the course, you will be introduced to fuzzing, a vulnerability detection technique used by many successful hackers, and you will see how to perform fuzzing with Burp Suite Intruder. Finally, you will learn how to exploit race conditions with OWASP ZAP. Race conditions can lead to very dangerous attacks on modern web applications, and this is exactly what we will demonstrate in the later stages. By the end of this course, you will have worked with the tools used by successful hackers and will be able to start using them in your own penetration testing projects.
Discover the tools used by the successful hackers
Learn step-by-step how to use these tools in practice (DEMOS)
Find SQL injections within minutes with the help of Sqlmap
Detect security weaknesses with Google Hacking
Perform fuzzing with Burp Suite Intruder
Exploit race conditions with OWASP ZAP
This course is ideal for all penetration testers, ethical hackers, bug hunters, and security engineers/consultants who want to enhance and refresh their knowledge of pentesting and hacking.
This course is for intermediate levels and basic hacking skills are required to get the most out of this course. There will be no video dedicated to any kind of installation.
This is a highly practical and hands-on course on pentesting. The step-by-step approach of using these hacking tools along with real-world case studies will help you align with the market. The theories shown in the videos are concise and crisp, followed by direct implementation. There will be tips and tricks shared by the experienced author that you will follow throughout the course's journey.
Learn from one of the top hackers at HackerOne and use tools in your own penetration testing projects
Highly practical and hands-on course filled with real-world examples wherever possible
A dedicated section on OWASP ZAP that shows a bunch of real-world scenarios step-by-step using the tool
Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among the top hackers at HackerOne. Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of many bugs, he received numerous awards for his findings. Dawid Czagan shares his security experience in his hands-on training at key industry conferences worldwide. He is the founder and CEO of Silesia Security Lab.
1. Introduction to the Course
1. Introduction. This video provides an overview of the course: its basic idea and the structure it is going to follow.
2. How Hackers Find SQL Injections in Minutes with Sqlmap
1. Introduction. This video provides an overview of the section.
2. The Basics of Sqlmap - Overview. This video provides an overview of the basics of Sqlmap.
3. The Basics of Sqlmap - Demo. This is a demo video of the basics of Sqlmap.
4. Dumping Database Table Entries - Overview. This video provides an overview of how to dump database table entries.
5. Dumping Database Table Entries - Demo. This is a demo video on how to dump database table entries.
6. From SQL Injection to Remote Code Execution - Overview. This video provides an overview of how to go from SQL injection to remote code execution.
7. From SQL Injection to Remote Code Execution - Demo. This is a demo video that demonstrates how to go from SQL injection to remote code execution.
8. More Advanced Testing with Sqlmap - Overview. This video provides an overview of more advanced testing with Sqlmap.
9. More Advanced Testing with Sqlmap - Demo. This is a demo video of more advanced testing with Sqlmap.
10. Bypassing Web Application Firewalls - Overview. This video provides an overview of how to bypass web application firewalls.
11. Bypassing Web Application Firewalls - Demo. This is a demo video that shows how to bypass web application firewalls.
12. Summary. This video summarizes this section.
3. Web Application Security Testing with Google Hacking
1. Introduction. This video provides an introduction to the section.
2. Google Hacking: Finding Directory Listings. This video talks about how to find directory listings using Google Hacking.
3. Google Hacking: Finding SQL Syntax Errors. This video talks about how to find SQL syntax errors using Google Hacking.
4. Google Hacking: Finding Publicly Exposed Backup Files. This video talks about how to find publicly exposed backup files using Google Hacking.
5. Google Hacking: Finding Internal Server Errors. This video talks about how to find internal server errors using Google Hacking.
6. Google Hacking: Finding Sensitive Data in URLs. This video talks about how to find sensitive data in URLs using Google Hacking.
7. Google Hacking: Finding Insecure HTTP Web Pages. This video talks about how to find insecure HTTP web pages using Google Hacking.
8. Google Hacking Database. This video explains the Google Hacking Database.
9. Case Study: Microsoft Yammer Social Network. This is a case study of the security testing of the Microsoft Yammer social network.
10. How to Prevent Google Indexing from Happening. This video demonstrates how to prevent Google indexing from happening.
11. Summary. This video summarizes the entire section.
4. Fuzzing with Burp Suite Intruder
1. The Basics of Fuzzing. This video provides basic knowledge of fuzzing.
2. Fuzzing with Burp Suite Intruder - Overview. This video provides you with an overview of fuzzing with the help of Burp Suite Intruder.
3. Fuzzing for SQL Injection - Demo. This is a demo video on how to do fuzzing for SQL injection.
4. Fuzzing for Path Traversal - Demo. This is a demo video on fuzzing for path traversal.
5. Fuzzing with Burp Suite Intruder - Tips and Tricks. This video helps you with tips and tricks on fuzzing with Burp Suite Intruder. You will learn some advanced tricks that can be used in your own projects as well.
5. Exploiting Race Conditions with OWASP ZAP
1. Introduction. This video provides an introduction to the section.
2. Exploiting Race Conditions - Case 1 (Part 1). This is the first part of the two-part video on exploiting race conditions for case 1. Here, you will look at how hackers use multithreading conditions to steal money from a bank.
3. Exploiting Race Conditions - Case 1 (Part 2). This is the second part of the two-part video on exploiting race conditions for case 1. Here, you will look at how hackers use another race condition to steal money from a bank.
4. Exploiting Race Conditions - Case 2. This video explains exploiting race conditions for case 2. Here, you will look at how hackers reuse a one-time discount code.
5. Case Studies of Award-Winning Race Condition Attacks. This video explains some case studies of award-winning race condition attacks.