CEH Module 12: Hacking Web Applications

Open Web Application Security Project (OWASP) Top 10

  • Web App Concepts
    • Introduction to Web Applications
    • How Web Applications Work?
    • Web Application Architecture
    • Web 2.0 Applications
    • Vulnerability Stack
  • Web App Threats
    • Unvalidated Input
    • Parameter/Form Tampering
    • Directory Traversal
    • Security Misconfiguration
    • Injection Flaws
    • SQL Injection Attacks
    • Command Injection Attacks
      • Command Injection Example
    • File Injection Attack
    • What is LDAP Injection?
      • How LDAP Injection Works?
    • Hidden Field Manipulation Attack
    • Cross-Site Scripting (XSS) Attacks
      • How XSS Attacks Work
      • Cross-Site Scripting Attack Scenario: Attack via Email
      • XSS Example: Attack via Email
      • XSS Example: Stealing Users' Cookies
      • XSS Example: Sending an Unauthorized Request
      • XSS Attack in Blog Posting
      • XSS Attack in Comment Field
      • Websites Vulnerable to XSS Attack
    • Cross-Site Request Forgery (CSRF) Attack
      • How CSRF Attacks Work?
    • Web Application Denial-of-Service (DoS) Attack
    • Denial of Service (DoS) Examples
    • Buffer Overflow Attacks
    • Cookie/Session Poisoning
      • How Cookie Poisoning Works?
    • Session Fixation Attack
    • CAPTCHA Attacks
    • Insufficient Transport Layer Protection
    • Improper Error Handling
    • Insecure Cryptographic Storage
    • Broken Authentication and Session Management
    • Unvalidated Redirects and Forwards
    • Web Services Architecture
    • Web Services Attack
    • Web Services Footprinting Attack
    • Web Services XML Poisoning
  • Web App Hacking Methodology
    • Footprint Web Infrastructure
      • Server Discovery
      • Service Discovery
      • Server Identification/Banner Grabbing
        • Detecting Web App Firewalls and Proxies on Target Site
      • Hidden Content Discovery
      • Web Spidering Using Burp Suite
      • Web Crawling Using Mozenda Web Agent Builder
    • Attack Web Servers
      • Hacking Web Servers
      • Web Server Hacking Tool: WebInspect
    • Analyze Web Applications
      • Identify Entry Points for User Input
      • Identify Server-Side Technologies
      • Identify Server-Side Functionality
      • Map the Attack Surface
    • Attack Authentication Mechanism
      • Username Enumeration
      • Password Attacks
        • Password Functionality Exploits
        • Password Guessing
        • Brute-forcing
      • Session Attacks: Session ID Prediction/Brute-forcing
      • Cookie Exploitation: Cookie Poisoning
    • Authorization Attack Schemes
      • Authorization Attack
      • HTTP Request Tampering
      • Authorization Attack: Cookie Parameter Tampering
    • Attack Session Management Mechanism
      • Session Management Attack
      • Attacking Session Token Generation Mechanism
      • Attacking Session Tokens Handling Mechanism: Session Token Sniffing
    • Perform Injection Attacks
      • Injection Attacks/Input Validation Attacks
    • Attack Data Connectivity
      • Connection String Injection
      • Connection String Parameter Pollution (CSPP) Attacks
      • Connection Pool DoS
    • Attack Web App Client
    • Attack Web Services
      • Web Services Probing Attacks
      • Web Service Attacks
        • SOAP Injection
        • XML Injection
      • Web Services Parsing Attacks
      • Web Service Attack Tool: soapUI and XMLSpy
  • Web Application Hacking Tools
    • Web Application Hacking Tools
      • Burp Suite Professional
      • CookieDigger
      • WebScarab
    • Web Application Hacking Tools
  • Countermeasures
    • Encoding Schemes
    • How to Defend Against SQL Injection Attacks?
    • How to Defend Against Command Injection Flaws?
    • How to Defend Against XSS Attacks?
    • How to Defend Against DoS Attack?
    • How to Defend Against Web Services Attack?
    • Guidelines for Secure CAPTCHA Implementation
    • Web Application Countermeasures
    • How to Defend Against Web Application Attacks?
  • Security Tools
    • Web Application Security Tool
      • Acunetix Web Vulnerability Scanner
      • Watcher Web Security Tool
      • Netsparker
      • N-Stalker Web Application Security Scanner
      • VampireScan
    • Web Application Security Tools
    • Web Application Firewall
      • dotDefender
      • ServerDefender VP
    • Web Application Firewall
  • Web App Pen Testing
    • Web Application Pen Testing
      • Information Gathering
      • Configuration Management Testing
      • Authentication Testing
      • Session Management Testing
      • Authorization Testing
      • Data Validation Testing
      • Denial of Service Testing
      • Web Services Testing
      • AJAX Testing
    • Web Application Pen Testing Framework
      • Kali Linux
      • Metasploit
      • Browser Exploitation Framework (BeEF)
      • PowerSploit
