Web Application Penetration Testing: Insecure Error Handling
Offered By: Pluralsight
Course Description
Overview
In this course, you'll learn how severe consequences can happen as a result of insecure error handling in modern web applications. You'll see how to test web applications for insecure error handling and how to prevent these problems from happening.
Insecure error handling can lead to very severe consequences and that’s the reason why this subject is interesting for penetration testers. In this course, Web Application Penetration Testing: Insecure Error Handling, you will learn how to test for insecure error handling in modern web applications. First, you will discover different types of insecure web server errors. You will see what dangers can happen when the web server version is disclosed in an error message. You will also see how the attacker can steal sensitive data as a result of a cross-site scripting attack via an error message. Next, you will learn about insecure error handling in the context of login functionality, which is one of most sensitive functionalities in web applications. You will see how to test for user enumeration via error messages and how to test for insecure handling of many unsuccessful login attempts. Finally, you will explore some of the most dangerous errors in modern web applications (unhandled exceptions and file inclusion errors). You will see how the attacker can learn sensitive data as a result of triggering an unhandled exception. You will also see how the attacker can proceed from file inclusion errors to reading the content of sensitive files. By the end of this course, you will know how to test for insecure error handling in modern web applications and how to prevent these problems from happening.
Insecure error handling can lead to very severe consequences and that’s the reason why this subject is interesting for penetration testers. In this course, Web Application Penetration Testing: Insecure Error Handling, you will learn how to test for insecure error handling in modern web applications. First, you will discover different types of insecure web server errors. You will see what dangers can happen when the web server version is disclosed in an error message. You will also see how the attacker can steal sensitive data as a result of a cross-site scripting attack via an error message. Next, you will learn about insecure error handling in the context of login functionality, which is one of most sensitive functionalities in web applications. You will see how to test for user enumeration via error messages and how to test for insecure handling of many unsuccessful login attempts. Finally, you will explore some of the most dangerous errors in modern web applications (unhandled exceptions and file inclusion errors). You will see how the attacker can learn sensitive data as a result of triggering an unhandled exception. You will also see how the attacker can proceed from file inclusion errors to reading the content of sensitive files. By the end of this course, you will know how to test for insecure error handling in modern web applications and how to prevent these problems from happening.
Syllabus
- Course Overview 2mins
- Triggering Web Server Errors 15mins
- Identifying Login Functionality Errors 17mins
- Finding Unhandled Exceptions and File Inclusion Errors 14mins
Taught by
Dawid Czagan
Related Courses
Advanced Cyber Security TrainingEC-Council via FutureLearn Advanced Python Scripting for Cybersecurity
Infosec via Coursera Ciberseguridad
Universidad de los Andes via Coursera Fundamentals of Computer Network Security
University of Colorado System via Coursera Ethical Hacking Course Certification
Cybrary