Web App Penetration Testing Course

Web applications play a vital role in every modern organization. But, if your organization does not properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken impression that a web application security scanner will reliably discover flaws in their systems.

With this course I aim to help students move beyond push-button scanning to professional, thorough, high-value web application penetration testing.

I am sharing this course because I believe knowledge should be free or at least affordable. You should not have to get a loan on your house to get the seven thousand dollars it took to get the knowledge from this course.

This was a six-day course, for which I have the audio and study material too. It is insane to cram all this information into a six-day course and think that all the information has been retained.

So what we are going to do is turn this into a six-week course. I will share one section a week. I would advise you to open the study material and then play the .MP3 audio files and follow along on your study material, which comes in .PDF format.

Week 1: Introduction and Information Gathering

Topics:

  • Overview of the web from a penetration tester’s perspective

  • Exploring the various servers and clients

  • Discussion of the various web architectures

  • Discovering how session state works

  • Discussion of the different types of vulnerabilities

  • WHOIS and DNS reconnaissance

  • The HTTP protocol

  • WebSocket

  • Secure Sockets Layer (SSL) configurations and weaknesses

  • Heartbleed exploitation

  • Utilizing the Burp Suite in web app penetration testing

  • Week 1: Study Material Download

Week 2: Configuration, Identity, and Authentication Testing

Topics:

  • Scanning with Nmap

  • Discovering the infrastructure within the application

  • Identifying the machines and operating systems

  • Exploring virtual hosting and its impact on testing

  • Learning methods to identify load balancers

  • Software configuration discovery

  • Learning tools to spider a website

  • Brute forcing unlinked files and directories

  • Discovering and exploiting Shellshock

  • Web authentication

  • Username harvesting and password guessing

  • Fuzzing

  • Burp Intruder

  • Week 2: Study Material Download

6 Likes

I like the idea of a free or at least affordable course. I have spent the last few years programming to prevent penetration; I think that if you know how to get in you can prevent it from happening in the first place. My thoughts are that is the whole point of penetration testing. Thanks for the course, @MoNsTeR.

1 Like

Wow, thank you @MoNsTeR.
This is great course material, it's the same course material taught to government agencies.

1 Like

Thanks @MoNsTeR for the amazing courses that you share with us.

1 Like

Good work buddy keep it up!! btw why don’t you upload your courses on a torrent site so that people can download those courses at a high speed as FTP servers are damn slow regardless of your internet speed. Using torrent will save everyone’s time too :smiley:

1 Like

You are absolutely right @GSG

Yes, this exact course is taught to high-level United States government agencies such as DHS, FBI, DOD etc. In fact you must have SANS Certification to contract for the United States Government. @MoUsE

You are welcome @cavaN I love giving back to the community when I can. It helps me progress.

@D4rkhunt3r I was actually thinking of doing that. I had one going a while back. I might start doing it again.

I have 2 web servers, I would be willing to allow up to 10 GB of space to host the files on if needed

1 Like

Yes that would be great. Will be waiting for the torrent links to hit up :smiley:

Great! @GSG I will let you know when I need it thanks.

For everyone following along. I have added week 2 to the course material.

1 Like

Thank you @MoNsTeR I will be going to look at it now.

1 Like