Skip to content

WEB Penetration testing

  • Reconnaissance

    • Shodan / Google dorks
    • Enumerowanie
      • subdomen
      • folderów
      • zasobów

  • Introduction

    • Request & Response
    • OWASP Top 10 2021
    • CWE / CVE / CVSS

  • Web Attacks - Analiza podatności (atak, obrona, przykład)

    • (SQLi) SQL i NoSQL injection
    • (OSi) OS Command injection
    • (UFU) Unrestricted File Upload
    • (XSS) Cross-site scriptin
    • (XML)
      • (XXE) XML External Entity
      • DoS XML
    • (YAML)
      • DoS YAML
    • (CSRF) Cross-Site Request Forgery
    • (LFI) Local File Inclusion
    • (RFI) Remote File Inclusion
    • (DT) Directory Traversal
    • (IDOR) Insecure Direct Object Reference
    • (SSTI) Server-Side Template Injection
    • (SSRF) Server-Side Request Forgery
    • (DoS) Denial of Service and Application Denial of Service
    • (OldLib) Using component with known vulnerabilities

  • Authentication and Authorization

    • Different types of authentication and their vulnerabilities
    • User enumeration where and how
    • Password bruteforce

  • How to test API

    • Authentication and Authorization
    • Data Encryption
    • Input Validation
    • Security Headers
    • and other

  • Configuration and mis-configuration

    • na przykładzie nginx-a