Ethical Hacking: Hacking Web Servers and Web Applications

Find out about the protocols used to access websites, and how to test websites and web applications to prevent exploitation through cyberattacks.

Introduction

• Testing to make sure your website is safe
• What you should know
• Disclaimer

1. Introduction to Web Servers

• Elements of web-based applications
• Introduction to web servers
• Dissecting the HTTP/HTTPS protocol
• Moving on to WebSockets
• Looking at the Google QUIC protocol
• Understanding cookies
• Introducing HTML
• Visiting OWASP
• Web access APIs

2. Getting Ready to Test

• Introducing the Zero Bank
• Installing the WebGoat Server
• Introducing Burp Suite
• Scanning with ZAP
• Proxying with ZAP
• Introducing WebScarab

3. Running Basic Web Application Tests

• Fingerprinting web servers
• Looking for credentials in HTML code
• Using Cookie Jars
• Hijacking sessions with cookies

4. Advanced Web Application Tests

• Manipulating URL parameters
• Testing for SQL injections
• Cross-site scripting
• Injecting commands through the URL
• Testing with Uniscan
• Using the modsecurity WAF

5. Practicing Your Skills

• Practicing with online banking websites
• Hacking the cheese
• Training in the Web Security Dojo

Conclusion

• Next steps