Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Pluralsight

Web Application Penetration Testing: Input Validation

via Pluralsight

Overview

In this course, you’ll learn how to test for input validation in web applications. The majority of attacks on web applications are related to improper input validation and that’s the reason why this subject is interesting for penetration testers.

Improper input validation can lead to very severe consequences. In this course, Web Application Penetration Testing: Input Validation, you will learn how to test for input validation in modern web applications. First, you will learn about a cross-site scripting attack and AngularJS template injection. You will see how the attacker can steal a user’s password as a result of a cross-site scripting attack. I will also present how the attacker can proceed from AngularJS template injection to cross-site scripting. Next, you will explore XML external entity attacks and HTTP parameter pollution. You will see how the attacker can read the content of sensitive files from the web server as a result of an XML external entity attack. You will also see how the attacker can bypass authorization as a result of HTTP parameter pollution. Finally, you will discover SQL injection and Insecure Direct Object Reference. You will see how the attacker can bypass password verification as a result of SQL injection. You will also see how the attacker can gain unauthorized access to the account of another user as a result of Insecure Direct Object Reference. By the end of this course, you will know how to test for input validation in modern web applications and how to provide countermeasures for different types of attacks related to improper input validation.

Syllabus

  • Course Overview 2mins
  • Testing for Cross-Site Scripting and AngularJS Template Injection 16mins
  • Testing for XML External Entity Attack and HTTP Parameter Pollution 16mins
  • Testing for SQL Injection and Insecure Direct Object Reference 15mins

Taught by

Dawid Czagan

Reviews

4.4 rating at Pluralsight based on 34 ratings

Start your review of Web Application Penetration Testing: Input Validation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.