The Ultimate world of Pentesting Jargons
-
What is Pentesting and Web Pentesting. (6:43)
-
Common terminologies in Penetration Testing (5:19)
-
Box Based testing: Black Box, White Box and Grey Box (3:21)
-
Fundamentals of Attacking for Vulnerability Assessment. (8:20)
-
Tools of Trade for Pentester (5:17)
-
Steps to conduct Penetration testing (7:06)
-
OWASP top 10 vulnerability and guidelines (8:13)
-
What we did so far: Summary (1:23)
Set up of the Home Lab
Lets learn reconnaissance
-
What is reconnaissance (5:29)
-
initial research about target application (6:01)
-
Shodan and advanced google research about target (7:24)
-
offline mirror of target site for local testing (5:30)
-
ICMP - DNS testing and DNS zone transfer (10:35)
-
Nmap and Zenmap tools (6:02)
-
Do not rely completely on tools (3:14)
-
What we did so far- Summary
Step by Step pentesting guide by OWASP
-
What is next to come (3:30)
-
Search Engines, FingerPrint and Metafiles (8:53)
-
Services, source code review and entry points (5:14)
-
Crawlers, Framework detection and Architecture (5:36)
-
Web server configuration and file extension (6:30)
-
web server backups, admin page and http request (5:03)
-
Identity management and role defination in an application (4:02)
-
Test accounts and weak account policy (4:00)
-
Testing for credential transport over Encrypted channel (7:35)
-
lock outs, authentication bypass and defaults (7:44)
-
password cache and password policy (4:35)
-
Security questions and re authentication channel (4:21)
-
Remote and local file inclusion and Directory traversal (6:58)
-
insecure direct object reference and priviledge escalation (3:25)
-
Session management and cookie analysis (6:44)
-
Session fixation and session exposed vulnerabilities (4:43)
-
Cross site request forgery CSRF vulnerability (3:47)
-
Log out and session timeout test (2:20)
-
Input validation for injection and XSS (8:09)
-
What we did so far - Summary
Automation tools for pentesting
Documenting the Pentesting report
Web app pentesting project 1
Web app pentesting project 2
