WETH-301: Web Security Practitioner
Getting Started
Welcome to "WETH-301"
Understanding Course Roadmap
Exploring Course Contents
Objectives and Benefits of this Course
Chapter 1: Advanced HTTP Attacks
HTTP Verb Tampering | Overview
HTTP Verb Tampering | Impact
HTTP Request Methods | Deep Dive
HTTP Verb Tampering | Mitigation
HTTP Host Header | Overview
Target IP address vs. Host Header | Live Demo
HTTP Host Header Attack | Overview
HTTP Host Header Attack | Explained
HTTP Host Header Attack | Methodology
Lab 1: Password Reset Poisoning
Lab 2: Web Cache Poisoning
Lab 3: Exploiting Classic Server-Side Vulnerabilities
Lab 4: Bypassing Authentication
Lab 5: Virtual Host Brute-Forcing
Lab 6: Routing-based SSRF
Real World Example | Host Header Attack - Google
Real World Example | Host Header Attack - Account Takeover
HTTP Host Header Attack | Mitigation
Carriage Return and Line Feed (CRLF) - Overview
CRLF Injection | Explained
CRLF Injection | Log Poisoning
CRLF Injection | HTTP Response Splitting
Real World Example | CRLF Injection - GitHub
Real World Example | CRLF Injection - Microsoft
Real World Example | CRLF Injection - Twitter
CRLF Injection | Payloads
CRLF Injection | Resources
CRLF Injection | Tools
CRLF Injection | Mitigation
HTTP Request Smuggling | Overview
HTTP Request Smuggling | Explained
Lab 7: HTTP Request Smuggling | CL.TE vulnerability - Differential Responses
Lab 8: HTTP Request Smuggling | TE.CL vulnerability - Differential Responses
Lab 9: HTTP Request Smuggling | CL.TE vulnerability - Bypass Front-End Security Controls
Lab 10: HTTP Request Smuggling | TE.CL vulnerability - Bypass Front-End Security Controls
Lab 11: HTTP Request Smuggling | Front-End Request Rewriting
Lab 12: HTTP Request Smuggling | Web Cache Poisoning
Lab 13: HTTP Request Smuggling | Web Cache Deception
Real World Example | HTTP Request Smuggling - Apple
Real World Example | HTTP Request Smuggling - Slack
Real World Example | HTTP Request Smuggling - Zomato
HTTP Request Smuggling | Mitigation
Chapter 2: GraphQL API Vulnerabilities
Recap: REST API
Understanding GraphQL
GraphQL Advantages
Live Exploring GraphQL on Facebook.com and HackerOne.com
GraphQL vs REST API
GraphQL Schema
GraphQL Queries
GraphQL Mutations
GraphQL Fields
GraphQL Objects
GraphQL Arguments
GraphQL Variables
GraphQL Aliases
GraphQL Fragments
GraphQL Subscriptions
GraphQL Introspection
Practicing GraphQL Query
GraphQL Vulnerabilities Overview
GraphQL Endpoints
GraphQL Vulnerabilities | IDOR & Business Logic
GraphQL Vulnerabilities | Information Disclosure
GraphQL Vulnerabilities | Brute Forcing
GraphQL Vulnerabilities | CSRF
GraphQL Vulnerabilities | Other Common Attacks
GraphQL Tools & Extension
Live Exploring and Testing GraphQL endpoints
Lab 1: Accessing private GraphQL posts
Lab 2: Accidental exposure of private GraphQL fields
Lab 3: Finding a hidden GraphQL endpoint
Lab 4: Bypassing GraphQL brute force protections
Lab 5: Performing CSRF exploits over GraphQL
Real World Example: Private Follower/Following Facebook List
Real World Example: Facebook Page Username
Chapter 3: Web Cache Deception and Web Cache Poisoning
Web Cache | Overview
Web Cache | Functionality
Web Cache | Content Delivery Network (CDN)
Web Cache | Load Balancer
Web Cache | Reverse Proxies
Web Cache | Response Headers
Web Cache | Live Demo
Web Cache Deception | Overview
Web Cache Deception | Impact
Web Cache Deception | Explained
Real World Example | Web Cache Deception - PayPal
Real World Example | Web Cache Deception - ChatGPT
Real World Example | Web Cache Deception - Expedia Group
Web Cache Deception | Mitigation
Web Cache Deception | Payloads
Web Cache Deception | Resources
Web Cache Poisoning | Overview
Web Cache Poisoning | Explained
Lab 1: Web Cache Poisoning - Unkeyed Header
Lab 2: Web Cache Poisoning - Unkeyed Cookie
Lab 3: Web Cache Poisoning - Multiple Headers
Lab 4: Web Cache Poisoning - Unknown Headers
Lab 5: Web Cache Poisoning - Exploiting DOM XSS
Lab 6: Web Cache Poisoning - Combining Vulnerabilities
Real World Example | Web Cache Poisoning - HackerOne
Real World Example | Web Cache Poisoning - Tesla
Real World Example | Web Cache Poisoning - PayPal
Web Cache Poisoning - Mitigation
Chapter 4: Command Injection and Remote Code Execution (RCE)
Command Injection
Command Injection | Impacts
Command Injection | Shell Metacharacters
Command Injection | Linux and Windows Commands
Command Injection | Types
Command Injection | In-Band
Command Injection | Blind
OS Commands | Payloads
Lab 1: OS Command Injection
Lab 2: Blind OS Command Injection - Time Delays
Lab 3: Blind OS Command Injection - Output Redirection
Real World Example | Command Injection - Apple
Remote Code Execution | Overview
Code Execution | Explained
Remote Code Execution | Explained
Remote Code Execution | Causes
Web Shell - Reverse Shell | Explained
Lab 4: Remote Code Execution - Web Shell Upload
Lab 5: Remote Code Execution - Polyglot Web Shell Upload
Real World Example | RCE - Facebook
Real World Example | RCE - Google
Real World Example | RCE - Google Cloud
Real World Example | RCE - Apple
Real World Example | RCE - Shopify
Real World Example | RCE - Apache - Log4Shell
Remote Code Execution - Mitigation
Command Injection vs. Remote Code Execution | Difference
Chapter 5: Server-Side Template Injection (SSTI)
Web Template Engine | Overview
Web Template Engine | Explained
Template Injections | Overview
Template Injections | Deep Dive
Server-Side Template Injection | Attack
Server-Side Template Injection | Methodology
Server-Side Template Injection | Payloads
Server-Side Template Injection | Resources
Lab 1: Server-Side Template Injection | Basic Injection
Lab 2: Server-Side Template Injection | Code Context
Lab 3: Server-Side Template Injection | Documentation
Real World Example | Server-Side Template Injection To RCE - Uber
Real World Example | Server-Side Template Injection - Shopify
Real World Example | Server-Side Template Injection To Stored XSS - Uber
Server-Side Template Injection | Mitigation
Chapter 6: PostMessage Vulnerabilities
JavaScript Overview
JavaScript Functions
JavaScript Event Listeners
JavaScript Iframes
Recap: Cross-Origin Communication
postMessage Definition
postMessage Usage
postMessage Flow
postMessage Send Message Script
postMessage Receive Message Script
postMessage Params
Live Exploring
postMessage Vulnerability
postMessage Exploiting XSS
postMessage Mitigation
Origin Bypass
Advanced Bypass
Trigger postMessage: Tools & Extensions
Real World Example: Facebook Account Takeover
Real World Example: Shopify Shop
Real World Example: DOM XSS via postMessage in Facebook
Real World Example: Reflected XSS using postMessage - PlayStation Website
Chapter 7: Advanced Web Authentication and Authorization Attacks
Recap: Authorization and Authentication
Understanding Third Party Access
Live Exploring Third Party Access
OAuth Overview
Live Exploring OAuth
OAuth Workflow Overview
OAuth Grant Types
OAuth Authorization Code Grant
OAuth Implicit vs Code Grant Flows
OAuth Implicit Grant
OAuth Scopes
OAuth API Calls
OAuth Access Token
Live Exploring: Facebook OAuth Flows
Live Exploring: OAuth Requests
OAuth Vulnerabilities Overview
OAuth Client Application Vulnerabilities
Lab 1: Authentication bypass via OAuth implicit flow
OAuth Scope Validation
OAuth CSRF Attack
Lab 2: Forced OAuth profile linking
OAuth Attacking Redirect URI
OAuth Advanced Redirect URI Bypass
Lab 3: OAuth Account Hijacking - redirect_uri
Lab 4: Stealing OAuth Access Tokens - Open Redirect
OAuth Attack Mitigation
Real World Example: Account Takeover in Zomato
Real World Example: Leaking Uber's FB OAuth Token
Real World Example: Leaking Sensitive Information - Grab
OpenID Connect Overview
OpenID Connect Roles
OpenID Connect Claims and Scopes
OpenID ID Token
OpenID Connect Vulnerabilities
Lab 5: SSRF via OpenID Dynamic Client Registration
JWT | Overview
JWT | Role
JWT | Format
JWT | Signature
Live Exploring | JWT
JWT Debugger
JWT Attacks Overview
JWT Attack: Signature Verification
JWT Attack: Attacking Secret Key
JWT Attack: Header Injections
JWT Attack: Algorithm Confusion
JWT Testing Known Vulnerabilities - CVE
Lab 6: JWT Authentication Bypass
Lab 7: JWT Authentication Bypass - Flawed Signature Verification
Lab 8: JWT Authentication Bypass - Flawed Signature Verification
Lab 9: JWT Authentication Bypass - jwk Header Injection
Real World Example: Zendesk Client-Side JWT Generation
Chapter 8: Code Review
Black-Box vs White-Box Testing
Code Review Overview
Code Review Importance
Code Review Requirements
Code Review Methodology
Manual Code Review
Automated Code Review
Code Review Tools
Client-Side Code
Client-Side: Common Code Review Practice
Live Exploring Client-Side Code
Client-Side: Spot Vulnerabilities
Server-Side Code
Server-Side: Common Code Review Practice
Live Exploring Server-Side Code
Third-Party Libraries and Frameworks
Open Source
Code Review: X (aka Twitter)
Reverse Engineering a Mobile App
Code Review: TikTok Mobile App
GitHub Code Review
Signatures of Common Vulnerabilities
Code Review: IDOR
Code Review: XSS
Code Review: File Upload
Code Review: CSRF
Code Review: Weak Hashing
Code Review: Input Validation
Code Review: URL Directions
Code Review: RCE
Code Review: Brute Force
Code Review: Authentication & Authorization
Secure Coding Guidelines
Code Review: Tips & Tricks
Real World Example: SSRF in Facebook by doing Code Review
Code Review FAQ
Chapter 9: Vulnerabilities in Mobile App APIs
Android Package Kit (APK) | Overview
SSL Pinning in Android | Explained
Frida and Objection | Overview
Frida and Objection | Download
Frida and Objection | Setup Environment
Android Emulator | Download
Android Emulator | Setup
Burp Suite and Android Emulator | Setup
Objection | Live Demo
Hooking Android Mobile Apps
Intercepting Facebook Mobile App Requests | Live Demo
Intercepting Instagram Mobile App Requests | Live Demo
Intercepting Threads Mobile App Requests | Live Demo
Intercepting TikTok Mobile App Requests | Live Demo
iOS Mobile Apps Interception | Overview
Chapter 10: Beyond Code
Recap: Web Pentest and Bug Hunting
Web Pentest | Methodology
Web Pentest | Lifecycle
Web Pentest | Proposal Overview
Web Pentest | Writing Proposal
Web Pentest | Pricing
Web Pentest | Reporting
Web Pentest | Checklist
Web Pentest | NDA
Web Pentest | Career
Bug Bounty | Process
Bug Bounty | Real Reports Process Examples
Bug Bounty | Private Programs
Bug Bounty | Swags and Events
Bug Bounty | Writing Best Quality Report
Bug Bounty | NDA
Community Engagement
What's Next?!