by Christian Martorella | Publisher: Packt Publishing | Release Date: March 2016 | ISBN: 9781785280351

Make your applications attack-proof by penetration testing with PythonAbout This VideoBecome proficient at writing your own tools to identify security vulnerabilities in web applicationsTake your first steps to becoming a security professional by getting an in-depth understanding of the process behind web application security testingSee practical examples of each phase of the web application testing process: Reconnaissance, Mapping, Vulnerability Discovery, and Vulnerability ExploitationIn DetailWith the huge growth in the number of web applications in the recent times, there has also been an upsurge in the need to make these applications secure. Web penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerabilities to external threats. While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, the use of Python allows testers to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible.This course will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for every main activity in the process. It will show you how to test for security vulnerabilities in web applications just like security professionals and hackers do.The course starts off by providing an overview of the web application penetration testing process and the tools used by professionals to perform these tests. Then we provide an introduction to HTTP and how to interact with web applications using Python and the Requests library. Then will follow the web application penetration testing methodology and cover each section with a supporting Python example. To finish off, we test these tools against a vulnerable web application created specifically for this course.Stop just running automated tools—write your own and modify existing ones to cover your needs! This course will give you a flying start as a security professional by giving you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.

1. Chapter 1 : Introduction
   • The Course Overview 00:05:58
   • Understanding Web Application Penetration Testing Process 00:07:50
   • Typical Web Application Toolkit 00:06:19
   • Testing Environment 00:06:15
2. Chapter 2 : Interacting with Web Applications
   • HTTP Protocol Basics 00:07:10
   • Anatomy of an HTTP Request 00:07:56
   • Interacting with Web Apps Using Requests Library 00:10:25
   • Analyzing the Responses 00:07:23
3. Chapter 3 : Web Crawling with Scrapy
   • Web Application Mapping 00:03:36
   • Creating a Crawler with Scrapy 00:07:57
   • Recursive Crawling 00:03:43
   • Extracting Information 00:05:24
4. Chpater 4 : Resources Discovery
   • What Is Resource Discovery? 00:04:02
   • Building Our First Brute Forcer 00:05:25
   • Analyzing the Results 00:05:17
   • Adding More Information 00:03:54
   • Taking Screenshots of the Findings 00:04:16
5. Chapter 5 : Password Testing
   • How Password Attacks Work? 00:04:57
   • Our First Password Brute Forcer 00:04:38
   • Adding Support for Digest Authentication 00:04:43
   • Form-based Authentication 00:07:08
6. Chapter 6 : Detecting and Exploiting SQL Injection Vulnerabilities
   • SQL Injection Vulnerability 00:04:50
   • Detecting SQL Injection Issues 00:08:09
   • Exploiting a SQL Injection to Extract Data 00:06:00
   • Advanced SQLi Exploiting 00:03:56
7. Chapter 7 : Intercepting HTTP Requests
   • HTTP Proxy Anatomy 00:04:07
   • Introduction to mitmproxy 00:03:54
   • Manipulating HTTP Requests 00:06:53
   • Automating SQLi in mitmproxy 00:04:38
   • Wrapping Up 00:03:55