YoVDO

Web Application Penetration Testing: Input Validation

Offered By: Pluralsight

Tags

Penetration Testing Courses, Cybersecurity Courses, SQL Injection Courses, Input Validation Courses

Course Description

Overview

In this course, you’ll learn how to test for input validation in web applications. The majority of attacks on web applications are related to improper input validation, which is why this subject is of interest to penetration testers.

Improper input validation can lead to very severe consequences. In this course, Web Application Penetration Testing: Input Validation, you will learn how to test for input validation in modern web applications.

First, you will learn about a cross-site scripting attack and AngularJS template injection. You will see how the attacker can steal a user’s password as a result of a cross-site scripting attack. I will also present how the attacker can proceed from AngularJS template injection to cross-site scripting.

Next, you will explore XML external entity attacks and HTTP parameter pollution. You will see how the attacker can read the content of sensitive files from the web server as a result of an XML external entity attack. You will also see how the attacker can bypass authorization as a result of HTTP parameter pollution.

Finally, you will discover SQL injection and Insecure Direct Object Reference. You will see how the attacker can bypass password verification as a result of SQL injection. You will also see how the attacker can gain unauthorized access to the account of another user as a result of Insecure Direct Object Reference.

By the end of this course, you will know how to test for input validation in modern web applications and how to provide countermeasures for different types of attacks related to improper input validation.

Syllabus

  • Course Overview (2 mins)
  • Testing for Cross-Site Scripting and AngularJS Template Injection (16 mins)
  • Testing for XML External Entity Attack and HTTP Parameter Pollution (16 mins)
  • Testing for SQL Injection and Insecure Direct Object Reference (15 mins)

Taught by

Dawid Czagan

Related Courses

Burp Suite: Introducción a las pruebas de penetración
Coursera Project Network via Coursera
Ethical Hacking & Network Defe
City College of San Francisco via California Community Colleges System
OWASP Top 10: Injection Attacks
Codecademy
Defending Node Applications from SQL Injection, XSS, & CSRF Attacks
Codecademy
Introduction to Cybersecurity
Codecademy