Web Application Penetration Testing: Input Validation

In this course, you’ll learn how to test for input validation in web applications. The majority of attacks on web applications are related to improper input validation and that’s the reason why this subject is interesting for penetration testers.

Improper input validation can lead to very severe consequences. In this course, Web Application Penetration Testing: Input Validation, you will learn how to test for input validation in modern web applications. First, you will learn about a cross-site scripting attack and AngularJS template injection. You will see how the attacker can steal a user’s password as a result of a cross-site scripting attack. I will also present how the attacker can proceed from AngularJS template injection to cross-site scripting. Next, you will explore XML external entity attacks and HTTP parameter pollution. You will see how the attacker can read the content of sensitive files from the web server as a result of an XML external entity attack. You will also see how the attacker can bypass authorization as a result of HTTP parameter pollution. Finally, you will discover SQL injection and Insecure Direct Object Reference. You will see how the attacker can bypass password verification as a result of SQL injection. You will also see how the attacker can gain unauthorized access to the account of another user as a result of Insecure Direct Object Reference. By the end of this course, you will know how to test for input validation in modern web applications and how to provide countermeasures for different types of attacks related to improper input validation.