Web App Testing - Enumeration

Dive into the first episode of a comprehensive web application testing series, focusing on enumeration techniques. Learn about the five stages of ethical hacking, reconnaissance methods, and tools for identifying subdomains. Explore the use of Burp Suite for enumeration, understand credential stuffing and password spraying concepts, and discover vulnerability scanning with Nikto. Gain insights on fingerprinting with nmap, active scanning with Burp Suite Pro, and review the Juice Shop application. Access valuable resources for web application security testing and participate in an Ask Me Anything session to enhance your knowledge in this critical cybersecurity domain.

- Introductions/Welcomes.
- whoami.
- Course learning objectives.
- Important TCM resources.
- Web app resources.
- Five stages of ethical hacking.
- Reconnaissance overview.
- Identifying target to enumerate.
- Using sublist3r to identify subdomains.
- Using crt.sh to identify subdomains.
- Setting up proxy for Burp Suite.
- Enumerating with Burp Suite.
- Credential stuffing/password spraying theory/tools.
- Using Nikto as a vulnerability scanner.
- Enumerating cipher strength.
- Using nmap for fingerprinting.
- Actively scanning with Burp Suite Pro.
- Reviewing Juice Shop.
- AMA begins.