Description
Course info
Level
Intermediate
Updated
Oct 26, 2020
Duration
1h 1m
Description

How can you prevent attacks if you don't know your enemy? In this course, Web Application Penetration Testing: Information Gathering, you’ll learn to better know how your enemies target you. First, you’ll explore fingerprinting web applications and their building blocks. Next, you’ll discover enumerating those applications and knowing their entry points. Finally, you’ll learn how to use all the needed tools. When you’re finished with this course, you’ll have the skills and knowledge needed to understand how information can be gathered about web targets.

About the author
About the author

Malek is an Informaion Security Consultant and Penetration Tester, he focuses on web and Android applications security.

Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi, everyone. My name is Malek Mohammad, and welcome to my course, Web Application Penetration Testing: Information Gathering. I am an information security consultant with software development background. Some of the newcomers to application security field start their learning path skipping information gathering. They head towards the actual hacking. That makes it frustrating and hard for them to learn properly. Well, how would you attack a target without knowing every detail about it? This course aims at supplying the learner with all the concepts and skill sets needed to make them ready for the next step in the learning path. Some of the major topics we are going to cover include identify targets to know what to observe and what framework to use to know their weaknesses. And then we are going to move to identifying hidden web applications in order not to leave out any part of the target. After that, we are going to look for leakages that may provide us a shortcut to exploiting the target. We're also going to enumerate entry points and workflows for applications and finally mapping the application architectures in order to know all the building blocks, all of that accompanied with real‑world examples to learn how to use tools against them. By the end of this course, you'll know how to better identify your target and do full reconnaissance for it in order for you to expand your attack surface and craft effective attacks to exploit weaknesses within the target. Before beginning the course, you should be familiar with Linux commands in general. I hope you'll join me on this journey to learning information gathering with the Web Application Penetration Testing: Information Gathering course at Pluralsight.