2021-04-27 18:55:28
117. Understanding referer header in depth using Cisco product -
118. Introduction to ASP.NET viewstate -
119. ASP.NET viewstate in depth -
120. Analyse sensitive data in ASP.NET viewstate - https://msdn.microsoft.com/en-us/library/ms972427.aspx?f=255&MSPPError=-2147217396
121. Cross-origin resource sharing explanation with example -
122. CORS demo 1 -
123. CORS demo 2 -
124. Security headers -
125. Security headers 2 -
Phase 8 – Attacking authentication/login
126. Attacking login panel with bad password - Guess the username and password for the website and try different combinations
127. Brute-force login panel -
128. Username enumeration -
129. Username enumeration with bruteforce password attack -
130. Authentication over insecure HTTP protocol -
131. Authentication over insecure HTTP protocol -
132. Forgot password vulnerability - case 1 -
133. Forgot password vulnerability - case 2 -
134. Login page autocomplete feature enabled -
135. Testing for weak password policy - https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007)
136. Insecure distribution of credentials - When you register on any website, or request a password reset using the forgot-password feature, and the website sends your username and password over email in cleartext instead of sending a password reset link, then it is a vulnerability.
137. Test for credentials transportation using SSL/TLS certificate -
138. Basics of MySQL -
139. Testing browser cache -
140. Bypassing login panel - case 1 -
141. Bypass login panel - case 2 -
Phase 9 - Attacking access controls (IDOR, Priv esc, hidden files and directories)
Completely unprotected functionalities
142. Finding admin panel -
143. Finding admin panel and hidden files and directories -
144. Finding hidden webpages with dirbuster -
Insecure direct object reference
145. IDOR case 1 -
146. IDOR case 2 -
147. IDOR case 3 (zomato) -
Privilege escalation
148. What is privilege escalation -
149. Privilege escalation - Hackme bank - case 1 -
150. Privilege escalation - case 2 -
Phase 10 – Attacking Input validations (All injections, XSS and misc)
HTTP verb tampering
151. Introduction to HTTP verb tampering -
152. HTTP verb tampering demo -
HTTP parameter pollution
153. Introduction to HTTP parameter pollution -
154. HTTP parameter pollution demo 1 -
155. HTTP parameter pollution demo 2 -
156. HTTP parameter pollution demo 3 -
XSS - Cross site scripting
157. Introduction to XSS -