Optiva & Jboss - Tutorial [FREE COURSE CONTENT]

Jul 29, 2020

In this video from our Web app attacks and API hacking online course, your instructor, Mukul, will show you the functionalities of the Optiva framework and Jboss-related vulnerabilities. It's one more tool under your belt; watch the video and grab it!



The Internet is full of so many web applications, and no product is 100% perfect. Companies perform functional testing and stress testing to make sure they operate smoothly, but to ensure they are safe and secure you need security testing, through pentests and vulnerability assessments. This course is all about Web Application Penetration Testing and finding security holes in those applications. Through concepts, tools, and lots of practice you will train to find them and use them to make applications more secure. You will be able to use that knowledge in your everyday job, or utilize it to participate in bug bounty programs!

During the course, we will solve some CTF and other challenges available online as a bonus.

In the first module of the course: 

In order to move along with the instructor, it is necessary for everyone to be on the same page. Therefore, setting up the lab and its usage is important. We will also have an overview of OWASP Top 10 and the OWASP Testing Guide to set the foundation for practical testing in later modules.

Covered topics: 

  • Kali Linux installation/ova file import
  • Importing the vulnerable machine prepared by the instructor
  • Setting up Burp Suite
  • OWASP Top 10 Overview
  • OWASP Testing Guide
  • HTTP and HTTPS for web application pentests
  • Setting up Burp and Zap to work against HTTPS and HTTP communication
  • Testing for HTTP methods
  • Response headers and what they mean
  • Testing using Burp and testing using Zap in practice
  • Differences between Burp and Zap
  • Combining Burp Community Edition and Zap to get results as if you were using Burp Pro
  • Google Dorking to find vulnerable domains instantly. Combining the dorks with tools to provide a better and faster result.
  • Wayback machine
  • All the different tools and techniques for finding subdomains

Course toolbox: 

Burp Suite Community Edition, ZAP, HUD, Kali Linux, gobuster, dirbuster, fuzzdb, metasploit, skipfish, nikto, wfuzz, sqlmap, nmap, whatweb, sparta, hydra, arjun, BeEF, Wapiti, Amass, Sublist3r, Knockpy, Eyewitness, Wayback machine, Google Dorks, RedHawk, galileo, blackwidow, xssstrike, wascanm, optiva framework, rapidscan, fuxploider, paramspider, jexboss, w3af, tidos framework, and more!


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023