วีดีโอ

Bro you are great. This means a lot. That's a lot of information for me . Thankyou

where can find tools that u using in this course

can you please provide sql injection link, i can't find it

NEO was a hacker

This video is great

hey man! you're really good just case d you have a course on Udemy? Let me know so you can buy your staff !! Super Great Video!!!!! Best

Please refrain from using the background music. Thanks!

Thank you

Walker Edward Harris Linda Taylor Donna

Lewis Ronald Thomas Larry Martin Betty

Johnson Larry Thomas Amy Robinson Christopher

Thank you for this excellent course but maybe change the background dark.

why in windows? 2:43 - 2:52 is repiting

keyturion is good keylogger

Thank you

javascript in browsers cant execute powershell, fix your videos.

for you many beer today

00:03 High prevalence of serious security vulnerabilities in web applications 02:38 Highlighting the significant costs of a security breach 07:26 Attacks against web applications can lead to larger security risks beyond just the web app itself 09:53 Understanding web application conventions and query strings 14:34 Understanding the significance of HTTP verbs in request construction. 17:12 REST-based pattern and HTTP verbs are commonly used for APIs and can lead to vulnerabilities. 21:25 Browsers offer protections for users 23:38 Browsers protect users from invalid certificates by blocking access to the site. 28:04 Browsers are getting better at defending against XSS vulnerabilities. 30:19 Browsers have limitations in defending against certain cyber attacks. 34:44 Web application security incidents can have serious consequences. 36:57 Spidering in web application testing is crucial for reconnaissance and footprinting 41:00 Discovering sensitive information through spidering 43:10 Forced browsing helps in understanding application structure 47:16 Forced browsing involves brute forcing and making many requests to explore application paths 49:21 Forced browsing yields mostly negative results, but HTTP 200 results are interesting. 53:41 Web application vulnerability allows remote file retrieval. 55:53 Directory Traversal identification can provide useful insights on the underlying system 1:00:15 Nmap is conducting detailed scans to discover open ports, initiate OS detection, and run trace routes. 1:02:18 Discovering server fingerprinting and development artifacts 1:06:44 Web services and web applications are similar, but web services are not necessarily intended to be human readable. 1:08:52 Utilize self-documenting APIs for finding hidden features 1:13:24 Showdown tool can be used to find at-risk systems, like those vulnerable to SQL injection in Drupal 7. 1:15:37 Reconnaissance and footprinting are crucial for gathering information in web application penetration testing 1:20:02 Untrusted data sources in web application penetration testing 1:22:14 Attacker manipulation through routing and HTTP verbs 1:26:40 Fiddler is a useful HTTP proxy for testing web application security. 1:28:40 Demonstrating parameter tampering in web application testing. 1:32:56 Changing hidden form field values can lead to serious security vulnerabilities 1:35:04 Mass Assignment Attack 1:39:18 Cookie poisoning involves tampering with untrusted data in the form of cookies. 1:41:33 Cookie poisoning and Insecure Direct Object References 1:45:49 Changed someone else's name due to an insecure direct object reference risk 1:48:07 Verify identity independently and on the server to prevent data manipulation. 1:52:35 Validation of untrusted data is crucial to prevent system tampering. 1:54:49 Untrusted data reflection and potential system vulnerabilities 1:59:05 Explaining XSS attack using cookies 2:01:11 Explaining reflected cross-site scripting attack 2:05:26 Exploring cross-site scripting risk via DNS records 2:08:08 Defending against XSS attacks involves data validation and encoding for the right context. 2:12:33 Exploring XSS attacks and evasion techniques 2:14:40 Evasion techniques in Web Application Penetration Testing 2:18:49 Bypassing client side controls by registering directly to the server with modified data. 2:21:02 Client-side validation is important but can be circumvented easily 2:25:34 Importance of using Transport Layer Security for login forms 2:27:48 Using Fiddler script to intercept and modify HTTP traffic 2:32:03 CSRF attacks exploit authenticated users 2:34:04 Attackers can exploit the browser's automatic sending of valid cookies to make requests on behalf of the user. 2:38:37 Challenges in client-side attack detection 2:40:48 Antiforgery tokens are critical for protecting against CSRF attacks. 2:45:14 Password reset process required only username and birth date for verification. 2:47:21 Poor identity management examples in login process 2:51:43 Identity enumeration vulnerability demonstrated through password reset process 2:53:55 Website enumeration can lead to serious privacy violations. 2:58:14 Understanding login timing can reveal account existence. 3:00:19 Identity management plays a crucial role in cybersecurity 3:04:46 Email enumeration is a crucial risk to defend against 3:07:00 Timing analysis to determine account existence 3:11:09 Vulnerabilities in remember me implementation 3:13:19 Importance of access controls in preventing denial of service attacks 3:17:56 Prevent denial of service attacks by utilizing email-based password reset functionality 3:20:16 Handling multiple failed login attempts to prevent denial of service attacks 3:24:34 Understanding the nature of distributed denial of service attacks 3:26:42 DDOS attacks are volumetric and globally distributed 3:31:14 DDOS attacks using tool L and its impact on websites 3:33:23 DDoS attacks are easily executed using simple tools and can be highly impactful, often involving crowd-sourcing and utilizing botnets or cloud-based services. 3:38:34 DDOS attacks can target specific features of web applications to cause high overhead. 3:40:47 Understanding the impact of DDOS attacks on database queries 3:45:09 Identifying application behavior and information leakage 3:47:21 Improper error handling leading to SQL injection risk 3:51:46 Web application hashes and salts passwords for secure login process 3:53:50 Database leaked salts and shaan hashes can be cracked using software 3:58:21 Hashcat can compute hashes at incredibly high speeds 4:00:32 The importance of making password hashes slow 4:04:59 Unvalidated redirect and forward exploit the trust in a website's domain to serve malicious content. 4:07:09 Unvalidated redirects and forwards can lead to malicious actions. 4:11:38 Conducting a carefully crafted Google search exposes sensitive internal information on live production websites. 4:13:53 Rising importance of web services for connected devices 4:18:15 APIs behind rich client apps have unique security risks 4:20:16 Developers often neglect the ability to tamper with parameters, leading to incorrect assumptions about integrity. 4:24:35 Risks of depending on Internet services

Blasting music after

Thank your lerson today i think lerner very with your lerson .

Question in an environment where I would be trying to use the smb psexec exploit as in the 54min mark. How would I know the SMB USER, SMBPass and SMBDOMAIN?

can anyone tell who is the creator of this course?

good video but the quality of video aren't good , thank very much for the work

Do you have plan to add more videos in field of security?

If i was to pay for your help with hacking an account would that be possible..

Wow, really such a good channel. ❤🎉 Why is this channel not popular?

this is good thanks but it doesn't talk much about evading honeypots...

Amazing, I was browsing LinkedIn when I came across a vacancy that had tenable prerequisites, on TH-cam I found the video, do you have LinkedIn?

😊🎉🎉

Still can we create account to perform digital labs..? I have created an account and I can see the courses like cloudagent, container security but I dont see any digital labs. Please help me with that. Thanks

Excellent video

Can you pls provide the link for sql injection as I cannot find it

thanks!!

I am not able to create an account

Then why are you using generic hacker clips

I love the istock watermark 😂

Hey there, I have some questions... let's say I want to session hijack someone's social media like IG or FB... Now, I know that I'm gonna need their session ID to gain access. Is it possible to get the session Id without letting them known? Or how to actually get there session Id? by sniffing, xss, and few other way I know of.. but is it possible to not do any of them and still get the SID?.. i know it's a big comment...but plz reply....🙂 main Q: what's the simplest method to get targeted person's session Id without having to interact with them?

Thank you so much. Your voice and way of explaining is amazing. I can easily understand Thank You.

Can i watch this to learn bug bounty?

Do you have a full course for SSCP? Please share link

Where is the full course?

e ar

toda

where is the hack yourself first course buddy?😶

Where is the zip file?

brilliant content, but I cant find the API course or some of the others you mention.? Im watching the session hijacking course to, you explain things really well and have filled in a lot of gaps for me!!

Is it a complete web application penetration testing course?? Or do I need to do anything else apart from this course ????

Thank You for this Amazing Content