Web Hacking: Become a Professional Web Pentester

Description

This course contains everything to start working as a web pentester. You will learn about exploitation techniques, hacking tools, methodologies, and the whole process of security assessments. It is absolutely hands-on, you will do all the attacks in your own penetration testing environment using the provided applications. The targets are real open-source software. You will have to work hard but in the end, you will be able to do web security assessments on your own as a real ethical hacker. My name is Geri and I am the instructor of this course about web application hacking. If you are interested in hacking and IT security, then this is the perfect place to start. You might be a developer, an IT administrator, or basically anybody with an IT background. With this training, you will get everything you need to start working as a professional web penetration tester. But, why would you want to become one? First of all, because it is a lot of fun. You can be in the position of an attacker trying to hack the various system. Finding vulnerabilities exploiting them and taking over the system. You can find the true hacker in yourself. It is a very creative and exciting job. Also, the security business is booming now. But, why should you learn web hacking? Mostly because there is the biggest demand in the market. Wherever you go to work right now as a penetration tester, around 80% of the projects are web hacking related. This is usually because the awareness of web security was already established and everything has a web interface from the web application to embedded devices or IoT. Also, because that is the fastest to learn. It is because web-related technologies are usually text-based and are easy to work with. So, at the end of the day, web pen testing is the fastest to learn and the most searched. So, I think it is an obvious choice to start your carrier there. All the code files are placed at https://github.com/PacktPublishing/Web-Hacking-Become-a-Professional-Web-Pentester

What You Will Learn

•  Why hacking is fun
•  Understand web security problems and how to fix them
•  Find security vulnerabilities in web applications
•  Start working as a penetration tester for web applications
•  How traditional and modern web applications work
•  How the process of ethical hacking works
•  Get practical experience in exploiting web applications
•  How to do ethical hacking projects the right way
•  How professional penetration testing works

Audience

This course is for developers who want to secure their web applications. People who want to become a penetration tester. Penetration testers who want to extend their portfolio to web applications. Anybody who works in IT or study it and is interested in web hacking.

Approach

It is absolutely hands on. We are going to hack real open-source applications where you can try every technique and attack yourself. So, you will have to get your hands dirty. I will show you everything first and then you can keep experimenting and testing yourself.

Key Features

•  It never gets boring, there will be always something interesting and new to learn. * •  You will be never without a job. If you keep up with the developments, there will be always something new to do. And as long as there are new systems, people will keep screwing up and building insecure stuff. And that's what brings projects to us. * •  So, I hope I piqued your attention to learning web application *

Github Repo

https://github.com/packtpublishing/web-hacking-become-a-professional-web-pentester

About the Author

Gergely Révay

Gergely Révay, the instructor of this course, hacks stuff for fun and profit at Multinational Corporation in Germany and in the USA. He has worked as a penetration tester since 2011; before that, he was a quality assurance engineer in his home country, Hungary. As a consultant, he did penetration tests and security assessments in various industries, such as insurance, banking, telco, mobility, healthcare, industrial control systems, and even car production. Gergely has also built online courses and tutorials since 2014 on various platforms such as http://hackademy.aetherlab.net and https://www.youtube.com/aetherlabnet During this time he has put a lot of effort into understanding how pentesting and offensive security can be taught efficiently.

Course Outline

1. Warm up

2. Environment setup

3. Web 101

4. Application discovery

5. Attacking session management

6. Attacking authentication

7. Attacking authorization

8. Attacking the client

9. Server side injections

10. The rest