Internet Vulnerabilities

Up until this point you have learned many concepts of contemporary web architecture. Being the largest network, the internet is vulnerable to a large number of attacks due to its enormous surface area. This is the first offensive security course in our training program, and it will leverage all the prerequisite knowledge you have acquired about computer networking and cryptography. In this course you will learn how to conduct a web application security test, which will help you identify and exploit web application vulnerabilities. We will guide you in setting up a sandboxed, vulnerable web application on your local device, so you can practice hands-on penetration testing exercises. You will be encouraged to conduct various types of attacks on your target, including path traversal attacks, exploiting remote and local file inclusion vulnerabilities, SQL injection and XSS attacks. This is a hands-on course, and you will be using a number of new tools.
· August 25, 2021

Before you start breaking web applications, it is critical that you have a basic understanding of how they are built. This course is broken down into four modules. The first module will give you a crash course in various aspects of web architecture and development. You will learn about the evolution of web architecture from the monolith model to a microservices model. You will then be introduced to some of the common ‘stacks’ that are operating in the wild. These are still being used by large companies like Meta, Slack and WordPress. The main purpose of this is to allow you to differentiate between vulnerabilities in front-end and back-end components. The final part of this module will introduce you to two industry-recognised security assessment tools, Burp Suite and OWASP ZAP. You will be shown how to configure Burp Suite to capture and analyze HTTP requests with third-party web browsers.

The second module will reinforce the ethical and legal considerations involved in conducting a live web application penetration test. It is critical that you understand that all testing must be conducted with prior written permission from the owner or on a target that you solely own yourself. You will set up and start attacking your sandboxed vulnerable web application using a simple directory traversal technique. From here you will move on to more advanced attack methods by exploiting file inclusion vulnerabilities.

The third module will require you to synthesise theory on how a user interacts with a database. You will then learn about simple SQL queries and leverage this knowledge to design payloads to hack into an admin login page. The final part of module three will require you to differentiate between the different types of XSS injection vulnerabilities and execute them on your target web application.

In the final module, you will need to identify session management vulnerabilities using Burp Suite Repeater. This will be followed by a demonstration of how to conduct a brute force attack using the Burp Suite Intruder function.

 

Course Content

INTRODUCTION TO INTERNET VULNERABILITIES
Web Application Penetration Testing
Injection Attacks
Session Management & Brute Force Attacks

Course Includes

  • 24 Lessons
  • 20 Topics
  • 8 Quizzes
  • Course Certificate