Web Application Penetration Testing: Input Validation

In this course, you’ll learn how to test for input validation in web applications. The majority of attacks on web applications are related to improper input validation and that’s the reason why this subject is interesting for penetration testers.
Course info
Rating: (14)
Level: Intermediate
Updated: Mar 6, 2020
Duration: 49m
Description

Improper input validation can lead to very severe consequences. In this course, Web Application Penetration Testing: Input Validation, you will learn how to test for input validation in modern web applications. First, you will learn about a cross-site scripting attack and AngularJS template injection. You will see how the attacker can steal a user’s password as a result of a cross-site scripting attack. I will also present how the attacker can proceed from AngularJS template injection to cross-site scripting. Next, you will explore XML external entity attacks and HTTP parameter pollution. You will see how the attacker can read the content of sensitive files from the web server as a result of an XML external entity attack. You will also see how the attacker can bypass authorization as a result of HTTP parameter pollution. Finally, you will discover SQL injection and Insecure Direct Object Reference. You will see how the attacker can bypass password verification as a result of SQL injection. You will also see how the attacker can gain unauthorized access to the account of another user as a result of Insecure Direct Object Reference. By the end of this course, you will know how to test for input validation in modern web applications and how to provide countermeasures for different types of attacks related to improper input validation.

About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings.

Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Dawid. Welcome to my course, Web Application Penetration Testing: Input Validation. I am a security instructor, researcher, and bug hunter. In this course, I will show you how to test for input validation in modern web applications. The majority of attacks on web applications are related to improper input validation, and that's the reason why this subject is interesting for penetration testers. First, you will learn about a cross-site scripting attack and AngularJS template injection. I will demonstrate how the attacker can steal a user's password as a result of a cross-site scripting attack, and I will present how the attacker can proceed from AngularJS template injection to cross-site scripting. Next, you'll learn about an XML external entity attack and HTTP parameter pollution. I will demonstrate how the attacker can read the content of sensitive files from the web server as a result of an XML external entity attack, and I will present how the attacker can bypass authorization as a result of HTTP parameter pollution. And finally, you'll learn about SQL injection and insecure direct object reference. I will demonstrate how the attacker can bypass password verification as a result of SQL injection, and I will present how the attacker can gain unauthorized access to the account of another user as a result of insecure direct object reference. By the end of the course, you will know how to test for input validation in modern web applications, and you'll also know how to provide countermeasures for different types of attacks related to improper input validation. I hope you will join me on this journey to learn about testing for input validation with the Web Application Penetration Testing: Input Validation course at Pluralsight.