In this video from our new Web app attacks and API hacking online course we will see how Google dorking works, and how it can be used when testing the security of web applications. Let's get right into it!
The Internet is full of so many web applications, and no product is 100% perfect. Companies perform functional testing and stress testing to make sure they operate smoothly, but to ensure they are safe and secure you need security testing, through pentests and vulnerability assessments. This course is all about Web Application Penetration Testing and finding security holes in those applications.Through concepts, tools, and lots of practice you will train to find them and use them to make applications more secure. You will be able to use that knowledge in your everyday job, or utilize it to participate in bug bounty programs!
During the course, we will solve some CTF and other challenges available online as a bonus.
In the first module uf the course:
In order to move along with the instructor, it is necessary for everyone to be on the same page. Therefore, setting up the lab and its usage is important. We will also have an overview of OWASP Top 10 and the OWASP Testing Guide to set the foundation for practical testing in later modules.
- Kali Linux installation/ova file import
- Importing the vulnerable machine prepared by the instructor
- Setting up Burp Suite
- OWASP Top 10 Overview
- OWASP Testing Guide
- HTTP and HTTPS for web application pentests
- Setting up Burp and Zap to work against HTTPS and HTTP communication
- Testing for HTTP methods
- Response headers and what they mean
- Testing using Burp and testing using Zap in practice
- Differences between Burp and Zap
- Combining Burp Community Edition and Zap to get results as if you were using Burp Pro
- Google Dorking to find vulnerable domains instantly. Combining the dorks with tools to provide a better and faster result.
- Wayback machine
- All the different tools and techniques for finding subdomains