Web Application Hacking Techniques - Workshop eBook


Welcome to the web application hacking techniques workshop. In this module, we will discuss why it is important to learn web application hacking techniques and what happens when organizations leave their web applications vulnerable. We will also walk through the web application workflow and the different attack vectors used against web applications. The workshop also demonstrates actual attacks on web applications and highlights the top vulnerabilities found in them.

This e-book contains text materials from the course.


INSIDE


Module 1 – Why it is important to learn Web Hacking

    • Introduction
    • Prerequisites
    • The Trend
    • Existence of Web Applications
    • Reputation & Customer Relations
    • Business is Internet Driven
    • What happens next?
    • What happens if you don't secure your Web Applications?
    • Web Hacking Incident Database (WHID) Stats
    • Web Hacking Facts & Figures
    • Figures from the latest Web Hacking Incidents Database Annual Reports
    • The causes of data breaches
    • Summary
        • Importance of Web Hacking for a Security Professional

Module 2 – Understand the Web Application Workflow

    • Introduction
    • Types of Web Applications
    • Advantages of using Web Applications
    • Disadvantages of using Web Applications
    • Web Application Architecture
        • Presentation Layer
        • Business Layer
        • Data Layer
        • Security Tips from Microsoft Library
        • Typical Deployment Structure of the Web Applications
    • Summary

Module 3 – Different Attack Vectors for Hacking Web Applications

    • Introduction
    • 2 Types of Web Application Attacks
        • 01 Default Login
        • 02 Command Injection
        • 03 Local File Include
        • 04 Remote Code Injection
        • 05 Remote File Include
        • 06 SQL Injections
        • 07 Cross-site Scripting (XSS)
        • 08 Weak Session Management
        • 09 LDAP Injection
        • 10 Persistent Cross-Site Scripting (XSS)
        • 11 Cross-Site Request Forgery (CSRF)
    • High Risk Vulnerabilities
        • Structured Query Language (SQL) Injections
        • Important Types of SQL Statements
    • Example & SQL Injections Exploitations
        • Example 1: Login Bypass SQL Injection
        • Example 2: SQL Injection Union Attack
        • Example 3: Command Injection Vulnerability
    • Summary

Module 4 – Hacking into Web Applications

    • Introduction
    • What We Will Cover
        • Prerequisites
    • Virtual Lab Setup
        • Step 1: Downloading & Installing Virtual Box
        • Step 2: Installing Kali Linux as Virtual Machine
        • Step 3: Downloading the Vulnerable Operating System
        • Step 4: Installing Vulnerable Operating System as Virtual Machine
    • Hacking into Web Applications
        • Virtual Environment
        • Using SQL Injection Techniques
        • SQL Injection Attack Vector: 1' union all select system_user(),user()#
        • SQL Injection Attack Vector: 1' union select 1,@@version #
        • SQL Injection Attack Vector: 1' union select null,@@hostname#
        • SQL Injection Attack Vector: 1' union select null,schema_name from information_schema.schemata#
        • SQL Injection Attack Vector: 1' union select null, table_name from information_schema.tables#
        • SQL Injection Attack Vector
        • SQL Injection Attack Vector
        • Command Execution Attack Vectors
        • Command Execution Attack Vector

Module 5 – Top ten Vulnerabilities of Web Applications

    • Introduction
    • Prerequisites
    • Top 10 OWASP Vulnerabilities
        • A1 Injection
            • SQLi Extract Data
            • SQLi Bypass Authentication
            • Command Injection DNS Lookup
        • A2 Broken Authentication
        • A3 Cross-Site Scripting
            • Cross-Site Scripting via Input (GET/POST) DNS Lookup
    • Summary


2 Comments
danti
6 years ago

nice article but level is: basic

danti
6 years ago
Reply to danti

just hope to see a second, next-level article.. thanks for this one

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013