Archive: Web Application Penetration Testing: Learning from a Tester's Perspective - PHMC SECURITIES

First Section
• Introduction (2:28)

Gathering Information
• Nmap Introduction (8:23)
• Different Types of Nmap Scans (Theory) (5:50)
• Different Types of Nmap Scans (Demo) (4:38)
• Different Types of Nmap Scans 2 (4:44)
• Banner Grabbing Using Nmap (4:05)
• Enumerating Directories Using DirBuster (4:26)
• Enumerating Subdomains (10:24)

Pentesting Lab Setup
• Setting Up the Environment (3:29)
• Setting Up the Environment 2 (4:30)

Configuration and Deployment Management Testing
• HTTP Strict Transport Security (2:51)
• Enumerating Juicy Endpoints (4:10)

Input Validation Testing
• What You Will Learn in This Section (0:58)
• HTML Injection (6:22)
• XSS (10:52)
• Different Types of XSS (12:40)
• HTTP Parameter Pollution (6:10)
• SQL Injection (5:56)
• Local File Inclusion (6:01)
• Directory Traversal (7:39)
• Command Injection (7:27)

Authentication Testing
• Broken Authentication (11:54)
• Authentication Issues 1 (8:18)
• Authentication Issues 2 (7:46)

Session Management Testing
• What You Will Learn in This Section (0:30)
• Cookie Attributes (8:37)
• Testing for Weak Session ID (4:31)
• Session Management 1 (9:21)
• Session Management 2 (5:25)

File Upload and Redirects
• Unrestricted File Uploads (6:51)
• Unvalidated Forwards and Redirects (6:02)

Some Other Important Issues
• CSRF (8:45)
• IDOR (7:35)
• CORS (8:30)