Overview
-
Find out about the protocols used to access websites, and how to test websites and web applications to prevent exploitation through cyberattacks.
Syllabus
-
Introduction
- Testing to make sure your website is safe
- What you should know
- Disclaimer
- Elements of web-based applications
- Dissecting the HTTP/HTTPS protocol
- Moving on to WebSockets
- Looking at the Google QUIC protocol
- Understanding cookies
- Introducing HTML
- Visiting OWASP
- Introducing the Zero Bank
- Installing the WebGoat Server
- Introducing Burp Suite
- Scanning with ZAP
- Proxying with ZAP
- Introducing WebScarab
- Fingerprinting web servers
- Looking for credentials in HTML code
- Using Cookie Jars
- Hijacking sessions with cookies
- Manipulating URL parameters
- Testing for SQL injections
- Cross-site scripting
- Injecting commands through the URL
- Testing with Uniscan
- Practicing with online banking websites
- Hacking the cheese
- Training in the Web Security Dojo
- Next steps
