Web Application Penetration Testing

Hallo, semuanya.
Buat kalian yang sedang cari kawasan berguru web application penetration testing, ok kali ini gw mau sharing link aneka macam macam tutorial disini.
Pokoknya recommended banget terutama bagi yang pemula.

Ok gausah berlama-lama kita eksklusif ke topik pembahasan ajalah hhh.

Phase 1 - History

• History of Internet

Phase 2 - Web and Server Technology

• Basic concepts of web applications, how they work and the HTTP protocol
• HTML basic part 1
• HTML basic part 2
• Difference between static and dynamic website
• HTTP protocol Understanding
• Parts of HTTP Request
• Parts of HTTP Response
• Various HTTP Methods
• Understanding URLS
• Intro to REST
• HTTP Request & Response Headers
• What is a cookie
• HTTP Status codes
• HTTP Proxy
• Authentication with HTTP
• HTTP basic and digest authentication
• What is "Server-Side"
• Server and client side with example
• What is a session
• Introduction to UTF-8 and Unicode
• URL encoding
• HTML encoding
• Base64 encoding
• Hex encoding & ASCII

Phase 3 - Setting up the lab with BurpSuite and bWAPP

Manish Agrawal

• Setup lab with bWAPP
• Setup BurpSuite
• Configure Firefox and add certificate
• Mapping and scoping website
• Spidering
• Active and passive scanning
• Scanner option and demo
• Introduction to password security
• Intruder
• Intruder attack types
• Payload settings
• Intuder settings

Ether Security Lab

• No.1 penetration testing tool
• Environment Setup
• General concept
• Proxy module
• Repeater module
• Target and spider module
• Squencer and scanner module

Phase 4 - Mapping the application and attack surface

• Spidering
• Mapping application using robots.txt
• Discover hidden contents using dirbuster
• Dirbuster in detail
• Indentify application entry points
• Indentify application entry points - OTG INFO 006
• Indetify client and server technology
• Indentify server technology using banner grabbing (telnet)
• Indentify server technology using httprecon

Phase 5 - Understanding and exploiting OWASP top 10 vulnerabilities

• A closer look at all owasp top 10 vulnerabilities

Ibm

• Injection
• Broken authentication and session management
• Cross-site scripting
• Insecure direct object reference
• Security misconfiguration
• Sensitive data exposure
• Missing functional level access controls
• Cross-site request forgery
• Using commponents with known vulnerabilities
• Unvalidated redirects and forwards

F5 Central

• Injection
• Broken authencation and session management
• Insecure deserialistaion
• Sensitive data exposure
• Broken acess control
• Insufficient logging and monitoring
• XML external entities
• Using commponents with known vulnerabilities
• Cross-site scripting
• Security misconfiguration

Luke Briner

• Injection explained
• Broken authentication and session management
• Cross-site scripting
• Insecure direct object reference
• Security misconfiguration
• Sensitive data exposure
• Missing functional level access controls
• Cross-site request forgery
• Commponents with known vulnerabilities
• Unvalidated redirects and forwards

Phase 6 - Bypassing client-side controls

• What is hidden forms in HTML
• Bypassing hidden form fields using tamper data
• Bypassing hidden form fields using Burp Suite (Purchase application)
• Changing price on eCommerce website using parameter tampering
• Understanding cookie in detail
• Cookie tampering with tamper data
• Cookie tamper part 2
• Understanding referer header in depth using Cisco product
• Introduction to ASP.NET viewstate
• ASP.NET viewstate in depth
• Analyse sensitive data in ASP.NET viewstate

Phase 7 - Attacking authentication/login

• Attacking login panel with bad password - Guess username password for the website and try different
• Brute-force login panel
• Username unumeration
• Username enumeration with bruteforce password attack
• Authentication over insecure HTTP protocol
• Authentication over insecure HTTP protocol?
• Forgot password vulnerability - case 1
• Forgot password vulnerability - case 2
• Login page autocomplete feature enabled
• Testing for weak password policy

Phase 8 - Attacking access controls (IDOR, Priv esc, Hidden files and directories)

Completely unprotected functionalities

• Finding admin panel
• Finding admin panel and hidden files and directories
• Finding hidden webpages with dirbuster

Insecure direct object reference

• IDOR case 1
• IDOR case 2
• IDOR case 3 (zomato)

Privilege escalation

• What is privilege escalation
• Privilege escalation - Hackme bank - case 1
• Privilege escalarion - case 2

Phase 9 - Attacking data stores (Various types of injection attacks - SQL|MySQL|NoSQL|Oracel, etc.)

• Basic of MySQL
• Bypassing login panel - case 1
• Bypassing login panel - case 2

SQL Injection

• Part 1 - Install SQLi lab
• Part 2 - SQL lab series
• Part 3 - SQL lab series
• Part 4 - SQL lab series
• Part 5 - SQL lab series
• Part 6 - Double query injection
• Part 7 - Double query injection continue
• Part 8 - Blind injection boolean based
• Part 9 - Blind injection time based
• Part 10 - Dumping DB using outfile
• Part 11 - POST parameter injection error based
• Part 12 - POST parameter injection double query based
• Part 13 - POST parameter injection blind boolean and time based
• Part 14 - POST parameter injection in UPDATE query
• Part 15 - Injection in insert query
• Part 16 - Cookie based injection
• Part 17 - Second order injection
• Part 18 - Bypassing backlist filters - 1
• Part 19 - Bypassing backlist filters - 2
• Part 20 - Bypassing backlist filters - 3
• Part 21 - Bypassing WAF
• Part 22 - Bypassing WAF Impedance mismatch
• Part 23 - Bypassing addslashes - charset mismatch

NoSQL Injection

• Abusing NoSQL databases
• Making cry - attacking NoSQL for pentesters

Xpath Injection

• Detailed introduction
• Pratical 1 - bWAPP
• Pratical 2 - Mutillidae
• Pratical 3 - Webgoat

LDAP Injection

• Introduction and pratical 1
• Pratical 2

Phase 10 - Attacking back-end commponents (OS command injection, XMI interpreters, mail services, etc.)

OS command injection

• OS command injection in bWAPP

Oke mugkin cukup segini dulu, semisal nanti ada update terbaru nanti gw update juga artikelnya.

Pokoknya pantengin aja terus blog gw.

Yaudahlah, sekian untuk artikel kali ini. Semoga bermanfaat, Thanks!!!