Hacking Web Applications & Penetration Testing: Web Hacking

Learn Ethical Web Hacking, Bug Bounty, Web Penetration, Penetration Testing and prevent vulnerabilities with this course

Created by: Muharrem AYDIN
Computer Engineer, Ethical Hacking, Cyber Security Expert

Created by: OAK Academy Team
instructor

What Will I Learn?

• Ethical hacking is a good career because it is one of the best ways to test a network.
• Ethical hacking involves a hacker agreeing with an organization or individual who authorizes the hacker to levy cyber attacks on a system or network
• In addition to proficiency in basic computer skills and use of the command line, ethical hackers must also develop technical skills
• Many hackers use the Linux operating system (OS) because Linux is a free and open-source OS, meaning that anyone can modify it.
• Ethical hacking is legal because the hacker has full, expressed permission to test the vulnerabilities of a system.
• The different types of hackers include white hat hackers who are ethical hackers and are authorized to hack systems, black hat hackers
• Whether you want to get your first job in IT security, become a white hat hacker, or prepare to check the security of your own home network
• Penetration testing skills make you a more marketable IT tech. Understanding how to exploit servers, networks, and applications
• Penetration tests have five different stages. The first stage defines the goals and scope of the test and the testing methods that will be used.
• There are many types of penetration testing. Internal penetration testing tests an enterprise's internal network.
• Penetration testing, or pen testing, is the process of attacking an enterprise's network to find any vulnerabilities that could be present to be patched.
• Set up a virtual environment to practice without affecting main systems
• Install Kali Linux - a penetration testing Debian distro
• Install virtual system which has vulnerable web applications
• Basic terms, standards, services, protocols and technologies
• HTTP protocol, requests and responses
• HTTPS, TLS/SSL
• Intercepting HTTP traffic using a personal proxy
• Gather sensitive information in websites
• Find known vulnerabilities using vulnerability database
• Find known vulnerabilities using search engines
• Google Hack Database (GHDB)
• Discover unpublished directories and files associated with a target website
• Input and output manipulation
• Input and output validation approaches
• Discover and exploit reflected XSS vulnerabilities
• Discover and exploit stored XSS vulnerabilities
• Discover DOM-based XSS vulnerabilities
• Prevent XSS vulnerabilities
• Discover and exploit SQL injection vulnerabilities, and prevent them
• Bypass login mechanisms using SQL injections and login a website without password
• Find more in a database using SQL injection vulnerabilities: databases, tables and sensitive data such as passwords
• Discover & exploit blind SQL injections
• Prevent SQL injections
• Authentication methods and strategies
• Bypass authentication mechanisms
• Find unknown usernames and passwords: brute force & dictionary attacks
• Launch a dictionary attack
• Access unauthorized processes
• Escalate privileges
• Access sensitive data using path traversal attack
• Session management mechanism
• Impersonating victim by session fixation attack
• Discover and exploit CSRF (Cross Site Request Forgery)
• In many situations, a network seems impenetrable only because it hasn’t succumbed to an attack in years.
• An ethical hacker is also sometimes referred to as a white hat hacker. Many depend on ethical hackers to identify weaknesses in their networks
• Ethical hackers and security experts carry out these tests to find any weak spots in a system’s security

Requirements

• 4 GB (Gigabytes) of RAM or higher (8 GB recommended)
• 64-bit system processor is mandatory
• 10 GB or more disk space
• Enable virtualization technology on BIOS settings, such as “Intel-VTx”
• Modern Browsers like Google Chrome (latest), Mozilla Firefox (latest), Microsoft Edge (latest)
• All items referenced in this course are Free
• A computer for installing all the free software and tools needed to practice
• A strong desire to understand hacker tools and techniques
• Be able to download and install all the free software and tools needed to practice
• A strong work ethic, willingness to learn and plenty of excitement about the back door of the digital world
• Nothing else! It’s just you, your computer and your ambition to get started today

Target audience

• Anyone who wants to learn how to hack or harden a website.
• Anyone who is curious about how data is leaked from social media environments
• Anyone who wants to learn how even the most secure web sites are hacked
• Anyone who is afraid of being hacked and would like to secure his/her websites
• People who are willing to make a career in Cyber Security