Web Security Professional
Chapter 1: Understanding The Web Architecture
Download Link (Resources)
What is a Server? (4:43)
Server - Demo (8:16)
What is DNS? (3:02)
DNS - Demo (10:57)
Simple Web Application Architecture (6:42)
HTTP REQUEST / RESPONSE (7:46)
Web 2.0 | Frontend (10:53)
Web 2.0 | Frontend - Demo (8:22)
Web 2.0 | Backend (5:27)
Web 2.0 | Backend - Demo (23:05)
Cookies and Sessions (8:46)
Web 2.0 | Backend | Cookie - Demo (11:40)
Web 2.0 | Database (2:34)
Web 2.0 | Database - Demo (19:00)
Modern Web App Architecture | MPA (3:46)
Hosting Your First Web APP (18:34)
Web Application Logging (4:41)
SPA & Demo (4:39)
How Does The Backend Receive Data? (11:14)
WEB API | RESTful & Demo (7:37)
WEB API | GraphQL & Demo (6:12)
WEB API | API Key & Demo (8:24)
Web Socket (4:00)
Web Server In a Network (2:39)
Load Balancer (2:57)
Web Caching (2:03)
Content Delivery Networks (CDNs) (1:01)
Web Application FireWall (2:12)
Am I a Pro Web Developer Now? (4:11)
Chapter 2: Mastering Burp Suite Techniques
Recap | Web App Basics (5:11)
Recap | Live Demo (4:24)
Proxy Tool (4:49)
Burp Suite | Getting Started (1:24)
Burp Suite Overview (3:55)
HTTP History (4:21)
Web Socket (1:36)
Web Socket LAB (3:36)
Filter | Settings Mode by Annotations (2:12)
Filter | Settings mode by MimeType & File Extensions (2:18)
Filter | Settings Mode by Search Term (2:11)
Filter | Settings Mode by Status Code (2:17)
Filter | Bambda mode (6:21)
Target Site Scope (6:47)
Target Site Scope | Import Settings (4:19)
Target Site Map (3:36)
Target Site Map | Practical (3:33)
Target Site Map Filtering (2:10)
Configuring Burp Suite With Browsers (6:26)
Proxy Listeners (3:18)
Intercepting HTTP and HTTPS traffic (2:04)
SSL/TLS Pinning (3:12)
Burp Certificate With Firefox (2:47)
Warning (1:47)
Burp Certificate With Chrome (2:37)
Foxy Proxy (1:45)
Foxy Proxy | Practical (4:03)
Intercept Requests | Theoretical (4:34)
Intercept Requests | Practical (3:15)
Intercept Responses | Theoretical (6:43)
Intercept Responses | Practical (6:36)
Intercept Rules (7:20)
Repeater (5:27)
Repeater Manage Tabs (2:34)
Match and Replace | Theoretical (1:50)
Match and Replace | Practical (10:47)
Match and Replace Program Policy (6:04)
Decoder | Theoretical (3:31)
Decoder | Practical (2:07)
Decoder | Inspector (0:40)
Intruder | Theoretical (5:52)
Intruder | Practical (4:49)
Intruder | Sniper (3:58)
Intruder | Sniper | Practical (3:03)
Intruder | Battering Ram (1:28)
Intruder | Battering Ram | Practical (1:15)
Intruder | Pitchfork (2:49)
Intruder | Pitchfork | Practical (2:18)
Intruder | Cluster Bomb (3:54)
Intruder | Cluster Bomb | Practical (3:02)
Comparer (3:06)
BApp Store (2:31)
Logger++ (4:12)
Troubleshooting (5:32)
Should I Buy Burp Pro Now? (2:04)
Ending (1:48)
Chapter 3: Authentication Attacks
Getting Started (0:57)
Authentication (1:23)
Authorization (1:08)
Authentication Vs Authorization (4:16)
Authentication Types (1:07)
Authentication Best Practices (6:48)
Authentication OWASP Guidelines (3:23)
Authentication Methods (2:49)
Cookie Based Authentication (2:50)
Cookie Based Authentication | Explore (2:55)
Cookie Based Authentication Practicing (1:46)
Session Management (4:41)
Cookie Based Authentication | Set-Cookie (4:23)
Cookie Based Authentication | Cookies Attach (2:20)
Cookie Based Authentication | Explore (2:50)
Cookie Attributes (3:49)
Cookie Attributes | HttpOnly (4:26)
Cookie Attributes | HttpOnly Real World Example (3:59)
Cookie Attributes | Expires/Max-Age (2:20)
Cookie Attributes | Secure (5:21)
Cookie Attributes | Secure - Real World Example (1:44)
Cookie Attributes | Domain (4:44)
Cookie Attributes | Path (4:28)
Cookie Attributes | SameSite Overview (4:31)
Cross Site vs SameSite (3:43)
Cross Site vs SameSite Challenge (3:04)
Top Level Navigation (5:34)
Embedded Content (3:37)
Requests API (4:12)
Cookie Attributes | Samesite Values (0:46)
Cookie Attributes | SameSite None (2:45)
Cookie Attributes | SameSite Strict (3:00)
Cookie Attributes | SameSite Lax (5:09)
Cookie Attributes | SameSite Summary (1:15)
Cookie Attributes | Quiz (4:30)
Cookie Attributes | SameSite Demo - Top Level Navigation (8:43)
Cookie Attributes | SameSite Demo - Embedded Content (2:20)
Cookie Attributes | SameSite Demo - API SOP/CORS (5:57)
Cookie Attributes | Bug Validity (5:24)
Cookies Attack - IDOR (4:40)
Cookies Attack - IDOR Real World Example 1 (2:51)
Cookies Attack - IDOR Real World Example 2 (3:35)
Cookie Attacks - Injections (3:21)
Cookie Attacks - Privilege Escalation (3:20)
Token Based Authentication (5:48)
Token vs Cookie-Based Authentication: Part 1 (6:21)
Token vs Cookie-Based Authentication: Part 2 (1:45)
Access Token - Facebook Live Demo (6:46)
Access Token - Spotify Live Demo (3:27)
Attacking Tokens Overview (1:20)
Token Leakage - Vulnerable Endpoints (8:33)
Token Leakage - 2FA (8:25)
Token Leakage - Real World Example (5:17)
Token Leakage - Source Code (7:58)
Accessing Admin Panel - Real World Example 1 (3:09)
Shopify Real World Example (3:21)
Token Leakage - Insecure Transmission Channel (1:53)
Attacking Tokens - Brute Force Attack (5:52)
Attacking Tokens - Privilege Escalation (13:10)
Token Expiration (6:28)
Token Expiration - Facebook (2:04)
Instagram Permanent Access - Real-world Example (8:23)
JWT (4:52)
JWT - Header and Payload (7:07)
JWT - Signature (14:59)
JWT Demo (4:01)
JWT - Burp Extensions (2:39)
JWT LAB 1 (10:15)
JWT - Header Attack (1:30)
JWT LAB 2 (3:55)
JWT Weak Key (1:10)
JWT - Automation (1:44)
JWT Real World Example (4:23)
Ending (4:58)
Chapter 4: Advanced XSS
XSS - Recap (Reflected & Stored) (8:15)
DOM-Based XSS | What is DOM? (4:00)
DOM-Based XSS | Manipulating DOM Nodes (7:47)
DOM-Based XSS | Sources & Sinks (4:23)
DOM-Based XSS | Exploit Example (5:31)
DOM-Based XSS | DOM vs Reflected (3:04)
DOM-Based XSS | Lab 1 (6:22)
DOM-Based XSS | Lab 2 (10:21)
DOM-Based XSS | Real World Example 1 (6:04)
DOM-Based XSS | Real World Example 2 (5:47)
XSS - Quick Summary (4:34)
Advanced XSS Exploitation (4:13)
Input Validation & Output Encoding (4:45)
Lab 3 | Output Encoding - Google Translate (2:31)
Filter Evasion (4:32)
LAB 4 | Filter Evasion Challenge - I (6:26)
LAB 5 | Filter Evasion Challenge - II (4:22)
LAB 6 | Filter Evasion Challenge - III (4:19)
Content Security Policy (CSP) (4:14)
Content Security Policy (CSP) | Examples (4:36)
Content Security Policy (CSP) | Bypasses (5:44)
Lab 7 | Reflected XSS protected by CSP, With CSP Bypass (22:14)
CSP Real World Example (2:02)
Exploring CSP Validator (2:13)
Web Application Firewall (WAF) (4:35)
Lab 8 | Bypassing WAF (12:50)
WAF Bypasses Regex Advanced (6:02)
Lab 9 | Stored DOM XSS (9:24)
Lab 10 | Exploiting Clickjacking Vulnerability To Trigger DOM-Based XSS (12:54)
Lab 11 | Exploiting XSS To Perform CSRF (19:51)
Automating The Discovery of XSS (10:21)
Resources and Tricks | Ending Video (4:23)
Chapter 5: XML External Entity Injection XXE
Extensible Markup Language (XML) (7:18)
XML File (2:09)
Document Type Definition (DTD) (2:24)
DTD - Elements (4:18)
DTD - XML Internal Entities (2:48)
DTD - XML External Entities (2:09)
DTD - XML Parameter Entities (4:15)
External DTD (1:44)
XML Illegal Characters (2:07)
XML External Entity (XXE) Injection - Impact - Severity (1:52)
XXE Types: In Band XXE - Retrieve Files (7:00)
XXE | LAB 1 (5:08)
In Band XXE | SSRF (3:00)
XXE | LAB 2 (6:03)
BLIND | Out of Band XXE (4:59)
LAB 3 & LAB 4 (2:45)
OOB XXE | Exfiltrating Files (7:15)
XXE | LAB 5 (10:03)
Retrieve Special Files (7:03)
BLIND | Error Based XXE (4:13)
XXE | LAB 6 (6:57)
Controlling Part of The XML (5:07)
XXE | LAB 7 (4:02)
Real World Example 1 (3:44)
Real World Example 2 (3:17)
Where To Search For XXE? (2:27)
XXE Mitigation & Extra Resources (2:32)
Chapter 6: Information Disclosure
Introduction (6:19)
Why Does Information Disclosure Occur? (3:44)
Misconfiguration (5:19)
LAB 1: Information Disclosure in Version Control History (10:28)
LAB 2: Information Disclosure on Debug Page (4:28)
Improper Error Handling - Stack Trace Error (3:08)
LAB 3: Information Disclosure in Error Messages (5:19)
Real World Example: Facebook Source Code Disclosure (2:37)
Excessive Data Exposure (6:46)
Inferring (1:36)
Inferring | Real World Example 1 (4:40)
Inferring | Real World Example 2 (5:11)
Flawed Design (2:10)
Flawed Design | Real World Example 1 (3:37)
Flawed Design | Real World Example 2 (3:17)
Leaked Information (3:39)
A Nice Catch! (5:44)
Advice (5:13)
Chapter 7: File Vulnerabilities
Getting Started (1:52)
File Upload Overview (4:11)
Understanding the HTTP Request for File Upload (12:38)
File Storage on Server (9:54)
File Storage and Retrieval (8:23)
CDN (5:48)
Facebook Upload Demo (6:54)
File Upload - General Facts (3:42)
File Execution Theory (9:20)
Localhost - Setup & Resources (7:02)
File Execution: Practical (5:14)
Question | File Execution (2:00)
Leaking Secret Files (9:55)
Hack the Website: Index Modified (8:00)
False Positive (4:18)
Execute to Read (2:46)
Shell (2:44)
Web Shell (6:49)
Web Shell Practice (4:40)
Web Shell: GitHub Example (3:29)
Obfuscating Web Shells (2:17)
RCE (3:35)
LAB | RCE via Web Shell Upload (7:39)
Mitigating File Upload: Extension (3:21)
Bypassing File Upload Extension Checks (12:02)
Null Byte Injection (2:02)
LAB | Web Shell via Obfuscated File Extension (7:52)
Mitigation: Content Type Restrictions (1:34)
LAB | Web Shell Upload via Content Type Restriction Bypass (4:34)
Metadata (3:38)
Metadata - Demo (6:43)
Metadata - Kali Linux (4:22)
LAB | RCE via polyglot web shell upload - Kali Linux (12:21)
LAB | RCE via polyglot web shell upload - Windows (3:06)
DOS (4:49)
Facebook DOS Demo - Part 1 (5:34)
Facebook DOS Demo - Part 2 (11:12)
Real World Example - DOS on HackerOne (5:19)
Path Traversal - Part 1 (6:47)
Path Traversal - Part 2 (14:33)
LAB | Path Traversal Simple Case (3:14)
Path Traversal via File Upload (3:26)
LAB | Web Shell Upload via Path Traversal (7:09)
File Upload - SQL, XSS (5:37)
Mitigation (6:51)
External Resources
End (2:37)