HACK Web

Contents

1. Basics of web penetration testing .

1.1 Types of HACK

1.2 Report

1.3 Black hat

1.4 White hat

1.5 Testing on level of assistance

1.6 Security Experts

1.7 Computer networks

1.8 Client-server-model

1.9 IP address

1.10 IP address Versions

1.11 Internal and External IP

1.12 NAT

1.13 IP Range

1.14 Tool

1.15 DNS Domain Name System

1.16 Exploitation

1.17 OSI Model

2. Domain information Gathering

2.1 Information Gathering

2.2 Web Servers Architecture

2.3 Basics of PhP

2.4 GET vs POST

2.5 Client side attacks

2.6 Exercise

2.7 Server side attack HTML Backdoor

3. XSS, Forced browsing and event listening

3.1 Event listening

3.2 XSS (Cross site scripting)

3.3 Insecure Direct Object References (IDOR)

3.4 Session cookie flaws

3.5 CSRF Cross-site scripting request forgery

3.6 Post based xss

3.7 Open redirection vulnerability

4. Database injection and vulnerability assessment

4.1 Vulnerability Explanation

4.2 Testing

4.3 Scanner configuration

4.4 Standard SQL Injection Testing

4.5 Boolean Exploitation Technique

4.6 Error based Exploitation technique

4.7 Out of band Exploitation technique

4.8 Time delay Exploitation technique

4.9 Stored Procedure Injection

4.10 Automated Exploitation

4.11 White Space

4.12 Null Bytes

4.13 Stack fingerprinting

4.14 SQL Comments

4.15 URL Encoding

4.16 Character Encoding

4.17 String Concatenation

4.18 Hex Encoding

4.19 Testing security methods

4.20 GET based sqli

5. Fingerprinting components

5.1 Word press

5.2 Drupal

5.3 Network mapping

5.4 Beware