Web Application Penetration Testing: Configuration and Deployment Management Testing

This course will teach you how to perform systematic penetration testing of configuration and deployment management using OWASP principles.
Course info
Level: Intermediate
Updated: Feb 12, 2019
Duration: 2h 11m
Table of contents
Course Overview
Introduction
Testing Network and Infrastructure Configuration
Testing Application Platform Configuration
Testing File Handling
Looking for Sensitive Information
Enumerating and Attacking Administrative Interfaces
Testing HTTP Methods
Testing Cross-domain Policy for Rich Internet Applications (RIA)
Validating HTTP Strict Transport Security Headers (HSTS)
Course Wrap Up
Description

Learn how to test the deployed configuration that your applications are released on. In this course, Web Application Penetration Testing: Configuration and Deployment Management Testing, you'll learn how to perform systematic configuration and deployment management testing to ensure that misconfigurations, or mistakes made during application deployment, do not provide opportunities for attackers to compromise infrastructures or applications. First, you'll discover how to validate network and infrastructure configuration. Next, you'll explore testing the platform that applications are deployed upon. Then, you'll learn how to ensure that backup configurations and administrative interfaces do not open you up to attacks. Finally, you'll go through testing cross-domain policies for rich internet applications. By the end of this course, you'll have an understanding of how OWASP testing principles can be leveraged to systematically test configuration and deployment management.

About the author

Lee Allen is a penetration tester by trade. Lee has authored four books about penetration testing and has created several Pluralsight courses.

More from the author
Threat Modeling: The Big Picture (Beginner, 1h 5m, Jun 27, 2017)
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Lee Allen. Welcome to my course titled Web Application Penetration Testing: Configuration and Deployment Management Testing. I am a professional penetration tester and absolutely love the security industry. In this course, we are going to take a look at how I perform systematic configuration and deployment management testing to ensure that misconfigurations or mistakes made during application deployment do not provide opportunities for attackers to compromise infrastructure or applications. The course leverages a fictional scenario, following Globomantics as they train a new web application penetration tester on how to perform penetration testing on configuration and deployment management. Some of the major topics that we will cover include validating network and infrastructure configuration, testing the platforms that applications are deployed upon, ensuring that backup configurations and administrative interfaces do not open you up to attacks, and testing cross domain policy for Rich Internet Applications. By the end of this course, you will have an understanding of how OWASP testing principles can be leveraged to systematically test configuration and deployment management. Before beginning this course, you should have a basic knowledge of what penetration testing is and why it is performed. I hope that you'll join me on this journey to learn configuration and deployment management testing with the Web Application Penetration Testing: Configuration and Deployment Management Testing course at Pluralsight.