How to Shot Web - Better Hacking in 2015
Offered By: YouTube
Course Description
Overview
Learn advanced web hacking techniques and methodologies in this 50-minute conference talk from HouSecCon 6 (2015). Explore the differences between standard testing and more specialized approaches, discover unconventional methods for port scanning and mapping, and delve into directory bruteforce workflows. Gain insights on vulnerability discovery using OSINT and learn about new tools like the Maps Project and Intrique. Examine various attack vectors including XSS, SQL injection, file inclusion, and malicious file uploads. Understand the concept of data-driven assessment and discover the most effective resources for SQL injection. Enhance your web hacking skills with this comprehensive overview of the Bug Hunter's Methodology.
Syllabus
Intro
More Specifically
Differences from standard testing
The regular methodologies
Find the road less traveled
Port Scanning!
Mapping tips
Directory Bruteforce Workflow
Mapping/Vuln Discovery using OSINT
New Project: Maps
Using the Maps Project: Crawling
New Tool: Intrique
Session (better be quick)
Other XSS Observations
SWF Parameter XSS
SQL Injection Observations
SQLmap All Tamper Scripts
Best SQL injection resources
Local file inclusion
Remote file includes and redirects
Malicious File Upload ++
Data Driven Assessment (diminishing return FTW)
Bug Hunters Methodology