How can you prevent attacks if you don't know your enemy? In this course, Web Application Penetration Testing: Information Gathering, you’ll learn to better know how your enemies target you. First, you’ll explore fingerprinting web applications and their building blocks. Next, you’ll discover enumerating those applications and knowing their entry points. Finally, you’ll learn how to use all the needed tools. When you’re finished with this course, you’ll have the skills and knowledge needed to understand how information can be gathered about web targets.
What is information gathering?
In this course, information gathering means collecting all the information you can about a specific target in order to better understand the target's strengths and weaknesses.
What is application security software used for?
Application security software is used to develop, test, and optimize security measures within applications to prevent and mitigate security vulnerabilities that attackers could exploit.
What prerequisites are needed?
The prerequisite for this course is an understanding of the Linux command line.
What will I learn in this information security course?
In this course, you will learn how to identify targets through fingerprinting, discover hidden web applications, find leakages, enumerate web entry points, and map the application architecture. By the end of this course, you will know how to do full reconnaissance for your target.
What is Linux Command Line?
The Linux command line is a text interface to your computer that allows users to execute commands by typing them in the terminal.
Malek is an Information Security Consultant and Penetration Tester. He focuses on web and Android application security.
Section Introduction Transcripts
Course Overview
Hi, everyone. My name is Malek Mohammad, and welcome to my course, Web Application Penetration Testing: Information Gathering. I am an information security consultant with a software development background. Some of the newcomers to the application security field start their learning path skipping information gathering. They head towards the actual hacking. That makes it frustrating and hard for them to learn properly. Well, how would you attack a target without knowing every detail about it? This course aims at supplying the learner with all the concepts and skill sets needed to make them ready for the next step in the learning path. Some of the major topics we are going to cover include identifying targets to know what to observe and what framework to use to know their weaknesses. And then we are going to move to identifying hidden web applications in order not to leave out any part of the target. After that, we are going to look for leakages that may provide us a shortcut to exploiting the target. We're also going to enumerate entry points and workflows for applications and finally map the application architectures in order to know all the building blocks, all of that accompanied by real‑world examples to learn how to use tools against them. By the end of this course, you'll know how to better identify your target and do full reconnaissance for it in order for you to expand your attack surface and craft effective attacks to exploit weaknesses within the target. Before beginning the course, you should be familiar with Linux commands in general. I hope you'll join me on this journey to learning information gathering with the Web Application Penetration Testing: Information Gathering course at Pluralsight.