Module 8: Introduction to Web Application Attacks
Web Application Assessment Methodology
Web Application Assessment Tools
Fingerprinting Web Servers with Nmap
Technology Stack Identification with Wappalyzer
Directory Brute Force with Gobuster
Security Testing with Burp Suite
Web Application Enumeration
Debugging Page Content
Inspecting HTTP Response Headers and Sitemaps
Enumerating and Abusing APIs
Cross-Site Scripting
Stored vs Reflected XSS Theory
JavaScript Refresher
Identifying XSS Vulnerabilities
Basic XSS
Privilege Escalation via XSS