Learning Python Web Penetration Testing [Video]

Christian Martorella

Make your applications attack-proof by penetration testing with Python

Video Details

ISBN 13: 9781785280351
Course Length: 2 hours and 50 minutes

Video Description

With the huge growth in the number of web applications in recent times, there has also been an upsurge in the need to make these applications secure. Web penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerabilities to external threats. While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, the use of Python allows testers to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible.

This course will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for every main activity in the process. It will show you how to test for security vulnerabilities in web applications just like security professionals and hackers do.

The course starts off by providing an overview of the web application penetration testing process and the tools used by professionals to perform these tests. Then we provide an introduction to HTTP and how to interact with web applications using Python and the Requests library. Then we will follow the web application penetration testing methodology and cover each section with a supporting Python example. To finish off, we test these tools against a vulnerable web application created specifically for this course.

Stop just running automated tools—write your own and modify existing ones to cover your needs! This course will give you a flying start as a security professional by giving you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application’s needs.

Style and Approach

With a pragmatic approach to learning, this video course will help you build different web application security testing tools. With each section building on the knowledge of the previous section, this course will help you to smartly assess the security needs of your apps.

Table of Contents

Introduction
  • The Course Overview
  • Understanding Web Application Penetration Testing Process
  • Typical Web Application Toolkit
  • Testing Environment

Interacting with Web Applications
  • HTTP Protocol Basics
  • Anatomy of an HTTP Request
  • Interacting with Web Apps Using Requests Library
  • Analyzing the Responses

Web Crawling with Scrapy
  • Web Application Mapping
  • Creating a Crawler with Scrapy
  • Recursive Crawling
  • Extracting Information

Resources Discovery
  • What is Resource Discovery?
  • Building Our First Brute Forcer
  • Analyzing the Results
  • Adding More Information
  • Taking Screenshots of the Findings

Password Testing
  • How Password Attacks Work?
  • Our First Password Brute Forcer
  • Adding Support for Digest Authentication
  • Form-based Authentication

Detecting and Exploiting SQL Injection Vulnerabilities
  • SQL Injection Vulnerability
  • Detecting SQL Injection Issues
  • Exploiting a SQL Injection to Extract Data
  • Advanced SQLi Exploiting

Intercepting HTTP Requests
  • HTTP Proxy Anatomy
  • Introduction to mitmproxy
  • Manipulating HTTP Requests
  • Automating SQLi in mitmproxy
  • Wrapping Up

What You Will Learn

  • Understand the web application penetration testing methodology and toolkit
  • Interact with web applications using Python and the Requests library
  • Write a web crawler/spider with the Scrapy library
  • Create an HTTP bruteforcer based on Requests
  • Create a Password bruteforcer for Basic, NTLM, and Forms authentication
  • Detect and exploit SQL injection vulnerabilities by creating a script all by yourself
  • Intercept and manipulate HTTP communication using Mitmproxy
