Introduction To Web Application Penetration Testing
Published 11/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 7.61 GB | Duration: 9h 51m
Learn how to perform penetration tests on web applications for bug bounty hunting and exploit a potential vulnerability
What you'll learn
Using Generative AI to get predictions for Penetration Tests
Using reconnaissance tools to gather information on the vulnerable endpoint
Manually assessing a web application without automatic penetration testing tools
Using automatic penetration testing tools
Building Exploits for Web Applications
Understanding False Negatives when using automated penetration testing tools
Requirements
HTML
PHP
Python
Bash Scripting
JavaScript
Description
In this course, you’ll learn the basics of performing penetration tests on web applications, both manually and with automated penetration testing tools, with the help of the different Artificial Intelligence tools that exist out there. We will compare the answers given by three different AIs (ChatGPT, PenTestGPT and WhiteRabbitNeo AI), look at the differences between them, and see the negative sides of using AI as a whole when performing these penetration tests. We will perform some manual tests without using automated tools to better understand how vulnerabilities can be exploited without the false negatives that are present when using AI and automation for penetration tests. I will also disclose a duplicate report that I obtained permission to make public, so you have an idea of how to write reports to HackerOne and other Web Application Penetration Testing Bug Bounties and Vulnerability Disclosure Programs.
Please note that this course is for educational purposes only. This course is intended to teach people to perform ethical hacking and contains highly sophisticated cybersecurity techniques which can be used by anyone. Do not use anything taught in this course illegally; I will not be responsible for any damage or harm caused to a system from what you learn and apply from this course. This course is for people who want to become Bug Bounty Hunters and White Hat Hackers, to prepare and refresh them for a better world of security and help in mitigating cyber risks.
Overview
Section 1: Introduction
Lecture 1 Personal Introduction
Lecture 2 Introduction to the course
Section 2: Prerequisites
Lecture 3 Installing Kali Linux
Lecture 4 Installing OWASP ZAP
Lecture 5 Configuring Burpsuite
Lecture 6 Websites we will use
Lecture 7 Installing and Configuring ngrok
Lecture 8 Installing Wappalyzer
Lecture 9 Using Nikto to find Vulnerabilities
Lecture 10 Finding Vulnerable Web Application Ports using Network Mapper
Lecture 11 Using GoBuster
Lecture 12 Installing GoBuster
Section 3: Bug Bounty Hunting
Lecture 13 Understanding Bug Bounties and HackerOne
Lecture 14 Exploiting Remote Code Execution Vulnerability (Automatic and AI)
Lecture 15 Exploiting SQL Injection Vulnerability (Automatic)
Lecture 16 Exploiting Subdomain Takeover Vulnerability (Automatic)
Lecture 17 Exploiting Privacy Violation Vulnerability (Automatic)
Lecture 18 Using Nuclei Verbose Mode to find Vulnerable Endpoints (Automatic)
Lecture 19 Using Katana to find Vulnerable Endpoints (Automatic)
Lecture 20 Exploit to bypass Error 403 (Automatic)
Lecture 21 Exploiting Missing SRI Vulnerability (Automatic)
Lecture 22 Using OWASP ZAP for Auto-Manual Vulnerability Detection (Automatic)
Lecture 23 Exploiting Open Redirect Vulnerability (Automatic)
Lecture 24 Exploiting Account Takeover Vulnerability (Manual)
Lecture 25 Exploiting Stored XSS Vulnerability (Manual)
Lecture 26 Exploiting OTP Overflow (Manual)
Lecture 27 Exploiting Insecure Direct Object Reference (Manual)
Lecture 28 Exploiting XSS Vulnerability (Manual)
Lecture 29 Advanced Google Hacking Techniques (Auto-Manual)
Lecture 30 Exploiting Local File Inclusion and Directory Traversal (Manual)
Lecture 31 Exploiting Remote File Inclusion (Manual)
Lecture 32 Exploiting Cross Site Request Forgery (Manual)
Lecture 33 Exploiting Server Side Request Forgery (Manual)
Lecture 34 Advanced GitHub Hacking Techniques (Manual)
Lecture 35 Bypassing Web Application Firewalls (Manual)
Lecture 36 Exploiting Cross Origin Resource Sharing Vulnerability (Manual)
Lecture 37 Exploiting Clickjacking Vulnerability (Manual)
Section 4: Report Writing, Conclusion and Exam
Lecture 38 Report Writing
Lecture 39 Conclusion
Advanced Learners on Web Application Penetration Testing, Beginner Learners on Web Application Penetration Testing