Web Application Penetration Testing: Client-side Testing

By Prasad Salvi
Do not let hackers execute different client-side attacks on your website. This course will teach you how to be proficient in performing client-side attacks like Cross Site Scripting, HTML Injection, Client-side redirects, and explain how to fix them.
Play course overview
Course info
Rating
(20)
Level
Intermediate
Updated
Aug 12, 2020
Duration
1h 7m
Table of contents
Course Overview
Course Overview 2m
Exploiting Cross Site Scripting Attacks
Introduction 6m Stored XSS 2m Demo: Stored XSS 4m Reflected Cross Site Scripting 2m Demo: Reflected Cross Site Scripting 6m Mitigations of Stored and Reflected XSS 3m DOM XSS and JavaScript Execution 3m Demo: DOM XSS 5m Mitigations DOM XSS 1m Summary 1m
Testing Client-side Redirects, HTML Injection, and ClickJacking
Client Side Redirects 2m Demo: Client Side Redirects 3m Mitigations Client Side Redirects 1m HTML Injection 2m Demo: HTML Injection 4m Mitigations HTML Injection 2m Clickjacking 2m Demo: Clickjacking 2m Mitigations ClickJacking 1m Summary 1m
Testing Different Types of Storage: Web/Local/Session
Introduction 2m Local Storage 2m Session Storage 2m Demo: Local and Session Storage 4m Mitigations-local and Session Storage 1m Summary 1m Course Summary 2m
Description
Course info
Rating
(20)
Level
Intermediate
Updated
Aug 12, 2020
Duration
1h 7m
Description

Hackers are getting access to your sensitive data by exploiting client-side vulnerabilities. In this course, Web Application Penetration Testing: Client-side Testing, you will gain the ability to perform different client-side attack techniques. First, you will learn Cross-Site Scripting (XSS) attacks. Next, you will discover how to test for HTML injection and URL redirects. Finally, you will learn how to test for Clickjacking attacks, testing local, and session storage. When you’re finished with this course, you will have the skills and knowledge of client-side testing needed to perform web application penetration testing and mitigate those attacks.

About the author
Prasad Salvi
About the author

Prasad is an Application Security Consultant with primary focus on providing services across the Secure Development Life cycle, Application Security and Penetration Testing spectrum. He is a part time bug bounty hunter.

More from the author
Penetration Testing of Identity, Authentication and Authorization Mechanism
Intermediate
56m
Aug 12, 2019
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Prasad Salvi, and welcome to my course, Web Application Penetration Testing: Client‑side Testing. I'm an application security consultant and a penetration tester at one of the largest merchant acquiring and payment processing companies. Did you know threat actors are more focused on smaller and targeted attacks directed at web and client‑side applications? This can quickly compromise your critical assets and information. This course is designed to expand your knowledge on different clients‑side attack techniques. We will be attacking web applications through a hands‑on approach using different scripts and Burp Suite as our pen testing tool of choice. Some of the major topics that we will cover include: cross‑site scripting attack and its different types, client‑side redirect, HTML injection, clickjacking, and storage mechanisms. By the end of this course, you will know how to perform all these attack techniques at a comfortable and efficient level to better perform a job as a pen tester. Before beginning the course, you should be familiar with JavaScript, security testing basics, and Burp Suite Proxy. The beginner courses in our penetration testing learning path can quickly get you up to speed. I hope you'll join me on this journey to learn about different attack techniques with the Web Application Penetration Testing: Client‑side Testing course, at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT