Practical Web Application Security and Testing
0: Prologue
0-1: Welcome (6:58)
0-2: About the Instructor (3:06)
0-3: Course Structure (2:13)
1: Setup
1-1: Lab Setup Overview (8:18)
1-2: Lab Setup - Hyper-V (20:57)
1-3: Lab Setup - VirtualBox (14:15)
1-4: Lab Setup - Kali Linux (15:16)
1-5: Lab Setup - Docker (9:54)
2: Web Application Concepts
2-1: Servers and Clients (2:01)
2-2: Lab - Nginx and Server Logs (12:04)
2-3: HTTP (10:49)
2-4: The Web Trinity (7:54)
2-5: HTML (9:30)
2-6: CSS (6:32)
2-7: JavaScript (9:28)
2-8: Lab - Alert Button (11:51)
2-9: ZAP Intro (24:08)
2-10: Lab - ZAP Enumeration (15:45)
3: Server-Side Webapps
3-1: PHP (8:54)
3-2: Lab - PHP with Docker (9:08)
3-3: Server Side Security Considerations (9:34)
3-4: Lab - WordPress (17:43)
3-5: Lab - DVWA (11:14)
4: The OWASP Top 10
4-1: OWASP Overview (3:51)
4-2: Broken Access Control (8:24)
4-3: Cryptographic Failures (10:45)
4-4: Injection - XSS (20:24)
4-5: Injection - SQLI (16:34)
4-6: Injection - Command Injection (4:56)
4-7: Insecure Design (22:57)
4-8: Security Misconfiguration (3:07)
4-9: Vulnerable and Outdated Components (8:22)
4-10: Identification and Authentication Failures (8:15)
4-11: Software and Data Integrity Failures (3:39)
4-12: Security Logging and Monitoring Failures (2:33)
4-13: Server-Side Request Forgery (1:28)
4-14: Extra Practice (1:41)
5: Client-Side Webapps
5-1: Client-Side Webapp Intro (3:24)
5-2: Lab - Juice Shop (5:13)
5-3: Frontend Considerations (7:59)
6: Webapp Pentesting Methodology
6-1: Preparation (4:48)
6-2: Scoping (5:57)
6-3: Enumeration (16:02)
6-4: Manual Testing (13:05)
6-5: Automated Attacks (10:53)
7: Juice Shop Pentest
7-1: Automatic Enumeration (6:56)
7-2: Manual Enumeration (9:23)
7-3: Discoveries (12:30)
7-4: Login/Authentication (4:58)
7-5: Purchasing (22:57)
7-6: Customer Support (15:19)
7-7: Additional API Testing (9:09)
7-8: Legacy Code (16:05)
8: Reporting
8-1: Report Structure (8:42)
8-2: Writing Tips (6:09)
9: Final Thoughts
9-1: Exhibition of Mastery (3:21)
9-2: Next Steps (2:00)
7-7: Additional API Testing