Introduction to Web Applications

Transcript:

Leo Dregier here. In the last module we talked about the web server components themselves, but now we get to talk about the web applications, and this is literally Pandora's box. There is so much to talk about; this is a jam-packed module, because we get to tie everything from the old and the new together and then attack and exploit it all. So, some of the attack factors: you have got to look at the basics here, what the architecture is and the way that the web server is set up. If you know that, then that tells you exactly how to approach the attacks. Now, your traditional threats, confidentiality, integrity and availability, still exist, but there are other principles involved that are very, very important as well, for example authentication, authorization and session handling. We also get to tie in a lot of the new technologies, because most of our web components, like mobile phones, iPhones or Android, connect to web-based applications themselves. So while it is as simple as HTML going back and forth between the client and the server, there is a lot more to it than just that. In the web 1.0 world it was very static, but now we go into the web 2.0 world, where we have lots of dynamic content, and there is realistically so much to talk about, because you have search capabilities, you have social networking, you have mobile applications, you even have registration components and things like Ajax, which really just enhance the user experience. So whether it is something like Wikipedia or email or instant messaging, all of this gets tied in to the web application. Now, what works very, very well for us as penetration testers is that most software developers are not security engineers, and most security engineers are not software developers. Only in the last five or six years has that world actually been coming together, and they have been very resistant to actually doing it together.

So the whole lifecycle in which applications get developed, we can basically take that apart and exploit it. Also, the hacker has a huge head start here, because how long is it going to take for company X to go ahead and find a vulnerability, go ahead and write some code to fix it, take it through their patch management process, move that through the change control process and ultimately get to the point where they have fixed their problem? So the hacker has a huge head start. So between all of the technologies that we bundle together here and all of the lifecycle components, there is lots of room for penetration testing. Now, in this particular module there is realistically so much information that it could be its own five to ten day course. As a matter of fact, most of the time while I am teaching live, the most common critique is "man, I wish we had more time." So we are going to move very, very fast through this module, but nonetheless you can take it apart one step at a time. So let us go ahead and get started.

Welcome to the Web Applications module of our Penetration Testing and Ethical Hacking course. The Web Applications module looks at the attack factor of web application hacks. It differs from the previous Hacking Web Servers module because it presents an opportunity to look at and discuss both old and new technology and web architecture, the factor in web hacking that defines it. If you know the architecture, you know how to approach and set up your hacking session when conducting your penetration test. The Web Applications module also focuses on the dynamics of today's bundled technology and the coming together of web server components such as searches, mobile devices, the user experience, other web applications and social networking. You'll learn the basics of bringing together old and new web technologies and how they can be exploited to identify penetration testing opportunities and parameters.
The topics explored in the Web Applications module include:
  • Whiteboard, which shows the interrelationship of all the basic components utilized for this module
  • And the following simulation labs:
    • burpSuite Lab
    • HTTP Lab
    • IDServ Lab
    • nikTo Lab
    • virusTotal Lab
    • wGet Lab