117. Understanding referer header in depth using Cisco | Ethical Hacking Tutorials

117. Understanding referer header in depth using Cisco product -


118. Introduction to ASP.NET viewstate -


119. ASP.NET viewstate in depth -


120. Analyse sensitive data in ASP.NET viewstate - https://msdn.microsoft.com/en-us/library/ms972427.aspx?f=255&MSPPError=-2147217396
121. Cross-origin-resource-sharing explanation with example -


122. CORS demo 1 -


123. CORS demo 2 -


124. Security headers -


125. Security headers 2 -


Phase 8 – Attacking authentication/login
126. Attacking login panel with bad password - Guess the username and password for the website and try different combinations
127. Brute-force login panel -


128. Username enumeration -


129. Username enumeration with bruteforce password attack -


130. Authentication over insecure HTTP protocol -


131. Authentication over insecure HTTP protocol -


132. Forgot password vulnerability - case 1 -


133. Forgot password vulnerability - case 2 -


134. Login page autocomplete feature enabled -


135. Testing for weak password policy - https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007)
136. Insecure distribution of credentials - When you register on a website or request a password reset using the forgot-password feature, if the website sends your username and password by email in cleartext instead of sending a password reset link, then it is a vulnerability.
137. Test for credentials transportation using SSL/TLS certificate -


138. Basics of MySQL -


139. Testing browser cache -


140. Bypassing login panel - case 1 -


141. Bypass login panel - case 2 -



Phase 9 - Attacking access controls (IDOR, Priv esc, hidden files and directories)
Completely unprotected functionalities
142. Finding admin panel -


143. Finding admin panel and hidden files and directories -


144. Finding hidden webpages with DirBuster -


Insecure direct object reference
145. IDOR case 1 -


146. IDOR case 2 -


147. IDOR case 3 (zomato) -


Privilege escalation
148. What is privilege escalation -


149. Privilege escalation - Hackme bank - case 1 -


150. Privilege escalation - case 2 -


Phase 10 – Attacking input validation (all injections, XSS and misc)
HTTP verb tampering
151. Introduction to HTTP verb tampering -


152. HTTP verb tampering demo -


HTTP parameter pollution
153. Introduction to HTTP parameter pollution -


154. HTTP parameter pollution demo 1 -


155. HTTP parameter pollution demo 2 -


156. HTTP parameter pollution demo 3 -


XSS - Cross site scripting
157. Introduction to XSS -