HUNT: Data-Driven Web Hacking and Manual Testing
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore a comprehensive 44-minute conference talk from AppSecUSA 2017 that introduces HUNT, a powerful Burp Suite extension designed to enhance web hacking and manual testing. Learn how this data-driven tool leverages real-world vulnerability data to provide parameter-level suggestions for identifying critical issues like SQL Injection, Command Injection, and File Inclusion vulnerabilities. Discover how HUNT aims to organize common web hacking methodologies within Burp Suite, making it easier to assess large, complex applications more thoroughly. Gain insights into the tool's core functionality, data-driven design, and its potential to turbocharge web hacking without sacrificing efficiency.
Syllabus
Intro
Contributions
The Problems
Current Solutions
Introducing HUNT
Level 1 - HUNT Scanner
Bug Location (Tribal Knowledge)
Vulnerability Locations
Advisory
SQL Injection
Server Side Request Forgery AAA
Insecure Direct Object Reference
Server Side Template Injection
Debug & Logic Parameters
HUNT Scanner Implementation
Level 2 - HUNT Methodology
Methodologies
Description
Multiple Request/Response
Resources
Notes
Methodology Implementation
Plugin Installation
Installation - Plugin
Setting Target Scope
Setting Passive Scanner Scope
Running the Passive Scanner
Scanner Extensibility
Methodology Extensibility
Taught by
OWASP Foundation
Related Courses
Hacking and Patching - University of Colorado System via Coursera
Software Design Threats and Mitigations - University of Colorado System via Coursera
Introduction to Cybersecurity for Teachers - Raspberry Pi Foundation via FutureLearn
Identifying Security Vulnerabilities - University of California, Davis via Coursera
Web Application Security Testing with Burp Suite - Coursera Project Network via Coursera