Web App Pen Testing: Reconnaissance
Reconnaissance, the first critical phase of penetration testing, is critical in understanding the attack surface of a target web application. This course lays the foundation for becoming a skilled web app penetration tester.
What you'll learn
Building a strong foundation for a Web Application Penetration Test is critical for success. In this course, Web App Pen Testing: Reconnaissance, you’ll learn to thoroughly plan a Web App Pen Test and begin to apply the Web App Pen Testing methodology through reconnaissance. First, you’ll learn some key terms and concepts that synchronize your vocabulary with the industry. This will include exploring the various Web App Security Testing methods and types as you make work your way towards gaining a thorough understanding of the Dynamic Web App Pen Testing methodology. Next, you’ll cover the Web Application Security Test Planning process to ensure conditions are set for a successful and legal engagement. Finally, you’ll learn how to begin applying the Web App Pen Testing methodology by passively gathering information about the target and its environment from external sources. When you’re finished with this course, you’ll have the skills and knowledge of Web App Pen Testing needed to prepare for and begin conducting a successful Web App Pen Test.
Table of contents
- Introduction to Reconnaissance 3m
- Reconnaissance Objectives 2m
- Harvesting Contacts and User Profiles 2m
- Harvesting Breach Data 2m
- Enumerating Technologies and Configurations 1m
- Demo: Enumerating Technologies with IoT Search Engines 11m
- Searching for Disclosed Vulnerabilities 1m
- Mining for Sensitive Information 2m
- Search Engine Hacking 3m
- Demo: Mining Sensitive Information 11m
About the author
Tim is a believer, husband, father, veteran, software developer, web application security engineer, and the founder of PractiSec (Practical Security Services). With extensive experience in web application security and software development, Tim currently conducts consultative engagements, manages multiple open source software projects (Recon-ng Framework, the HoneyBadger Geolocation Framework, PwnedHub, etc.), writes technical articles (lanmaster53.com), and frequently instructs and presents on s... more