YoVDO

Web Application Penetration Testing: Session Management Testing

Offered By: Pluralsight

Tags

Penetration Testing Courses Cybersecurity Courses Session Management Courses Cookies Courses Session Hijacking Courses

Course Description

Overview

Learn what to look for while penetration testing session management using OWASP principles including brute-forcing, taking advantage of poorly implemented session fixation, and POST and GET requests implemented incorrectly to find weak spots.

Poorly implemented session management can allow an attacker to exploit poor controls and gain access to sensitive information. In Web Application Penetration Testing: Session Management Testing, you’ll learn how to find those vulnerabilities before the bad guys do. First, you'll explore cookies, what to look for during a pen-test, and how you can brute force your way past the login prompt. Next, you'll learn how easy it can be to hijack someone else's session with session fixation. Finally, you’ll discover what session puzzling is and how to leverage it as an attacker. When you’re finished with this course, you'll have a solid understanding of what to look for while penetration testing session management.

Syllabus

  • Course Overview 1min
  • Course Introduction 2mins
  • Testing for Bypassing Session Management Schema 29mins
  • Testing for Cookie Attributes 16mins
  • Testing for Session Fixation 7mins
  • Testing for Exposed Session Variables 16mins
  • Testing for Cross-site Request Forgery 8mins
  • Testing for Logout Functionality 8mins
  • Testing Session Timeout 10mins
  • Testing Session Puzzling 11mins
  • Course Wrap-up 6mins

Taught by

Clark Voss

Related Courses

Network Security
Georgia Institute of Technology via Udacity
Proactive Computer Security
University of Colorado System via Coursera
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera
Hacker101
HackerOne via Independent
CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent