Hands-on web app pentesting.

[First edition].

[Place of publication not identified] : Packt Publishing, 2024.

1 online resource (1 video file (9 hr., 59 min.)) : sound, color.

Access is available to the Yale community.

Online resource; title from title details screen (O'Reilly, viewed March 4, 2024).

Access restricted by licensing agreement.

The course begins with an exploration of the foundational elements of web application infrastructure, introducing you to the critical aspects of URLs, HTTP Methods, and the underlying technologies that make the internet tick. You will gain a firm grasp on the workings of Web APIs, Content Management Systems, and Databases, setting the stage for more advanced topics. The course focuses on equipping you with the skills to identify, analyze, and exploit vulnerabilities within web applications. From exploring the use of powerful tools like Burp Suite and OWASP ZAP to understanding the intricacies of SQL Injection, XSS attacks, and CSRF (Cross-Site Request Forgery), you will journey through a curriculum designed to challenge and enhance their hacking capabilities. The course wraps up by delving into complex security issues such as JWT Attacks, IDOR, and SSRF, ensuring you emerge with a well-rounded mastery of web app pentesting. Throughout, the emphasis is on hands-on learning, providing you with the opportunity to apply concepts in real-world scenarios, thereby cementing your understanding and preparing you for professional success. What you will learn Conduct vulnerability scans with Nikto and Burp Suite Execute directory fuzzing with Feroxbuster Detect and exploit SQL injections using SQL Map Uncover and mitigate XSS vulnerabilities Safeguard against CSRF and SSRF threats Implement JWT attack strategies for security Audience This course is ideal for cybersecurity enthusiasts, IT professionals, and aspiring ethical hackers seeking to deepen their understanding of web app vulnerabilities. Familiarity with basic security concepts and experience with web technologies are recommended. About the Authors ACI Learning: ACI Learning trains leaders in Cybersecurity, Audit, and Information Technology. Whether starting an IT career, mastering a profession, or developing a team, they provide essential support at every step. Daniel Lowrie: Daniel Lowrie's IT career began with workstation support and Y2K compliance updates for a teaching hospital in North-Central Florida. His journey led him to become an in-classroom trainer and Mentored Learning Instructor, specializing in courses covering Microsoft Windows Desktops and Servers, Active Directory, Networking, CCNA, and Linux. He then transitioned to becoming a Systems and Network administrator for a large insurance company before joining ACI Learning as an Edutainer. Certifications: CompTIA A+, Network+, Linux+, CySA+, and PenTest+; CEH; MCSA; CFR; eJPT.

O'Reilly Safari. OCLC KB.

Images / Online / Video & Film

English

April 02, 2024

ACI Learning, Daniel Lowrie, instructors.