Fundamentals of web application security and ethical hacking.

In this learning path, we focus on ethical hacking of web applications.

We start with the basics, installing various tools, learning how to use Linux, learning about computer networks, HTTP protocol, programming, web applications and databases.

After that, we go through different attacks and practice them safely in Hakatemia's lab environment.

What is ethical hacking?

Important warning

Intro

Linux operating system

Linux Command Line - video

First touch to the command line

Navigating the command line

Creating directories

Creating and editing files

Controlling the output

Moving files and folders

Deleting files and folders

File system permissions

Linux basics - Practice

Linux command line

How the Internet works - video

The beginning of the Internet

The structure of information networks

Internet addresses

Client-server model

Data networks

BurpSuite: installation and usage video

A few words about tools

BurpSuite: Installation

First touch with BurpSuite

Kali Linux virtualization video

Installation and use of tools

Browser side and server side

URL structure

HTTP protocol

HTTP methods

HTTP headers

HTTP status codes

Cookies

HTML markup language

JavaScript

Let's build a simple website

Website basics

Hello world

Variables

Arithmetic

Input

Data types

Conditional sentences

Imports and Random numbers

Lists

A while loop

A for loop

Functions

Python Programming

Python and Flask

HTML Basics

Processing of HTML Forms

SQL Basics

Database connections

Login, session management and access management

Backend basics

Vulnerabilities

Hack into a website

First exposure to vulnerabilities

BurpSuite - Proxy

BurpSuite - Scope

BurpSuite - Repeater

BurpSuite - Decoder

BurpSuite - Comparer

BurpSuite - Logger

BurpSuite - Organizer

BurpSuite - Extensions

BurpSuite - Session Manager

BurpSuite - Community

What are command injections?

Command injection - exercise

Introduction to Command Injection Attacks

What are SQL Injections?

(MySQL) Changing WHERE clauses to bypass authentication (specific user)

(MySQL) Modifying WHERE clauses to bypass authorization

(MySQL) Using the UNION technique to steal data

Introduction to SQL Injection Attacks

What are XXE attacks?

XXE SSRF

Introduction to XXE Attacks

What is JavaScript?

Use of JavaScript in an HTML Document

JavaScript Variables and Values

JavaScript Operators

JavaScript Conditional Statements

JavaScript Loops

JavaScript Functions

JavaScript Fetch and XHR

JavaScript DOM (Document Object Model)

JavaScript basics

What are Cross-Site Scripting Vulnerabilities?

Stored XSS and stealing session cookies

Bleeding of cookies over the network

Introduction to XSS Attacks

Dictionary Attack

Credential Stuffing attacks in data breaches

Guessing OTP codes using brute force technology

Introduction to Password Attacks

Access control - Often the Weakest Link in Application Security

Introduction to access control vulnerabilities

Insecurely constructed URLs or URL injection

Introduction to URL Injection Attacks

JWT Tokens

Do Not Check This Token Thanks - JWT's Notorious 'None' Algorithm

JWT and Encryption Key Cracking

Introduction to JWT Attacks

What are deserialization attacks?

Introduction to Deserialization Attacks

What are Template Injections (SSTI)?

Python Jinja2 Template Injections

Introduction to Template Injection Attacks

Web Hacking Fundamentals