PLU | Web Application Penetration Testing: Session Management Testing (2018 EN)

Discussion in 'Information Technology' started by Kanka, Jul 22, 2019.


    Company: Pluralsight
    Author: Clark Voss
    Full Title: Web Application Penetration Testing: Session Management Testing
    Year: 2018
    Language: English
    Genre: Educational: Web Development
    Skill Level: Intermediate
    Price: -
    Files: MP4
    Time: 02:00:45
    Video: AVC, 1280 x 720 (1.778) at 30.000 fps, 450 kbps
    Audio: AAC at 63 Kbps, 2 channels, 44.1 KHz
    Learn what to look for while penetration testing session management using OWASP principles including brute-forcing, taking advantage of poorly implemented session fixation, and POST and GET requests implemented incorrectly to find weak spots.

    Poorly implemented session management can allow an attacker to exploit poor controls and gain access to sensitive information. In Web Application Penetration Testing: Session Management Testing, you’ll learn how to find those vulnerabilities before the bad guys do. First, you'll explore cookies, what to look for during a pen-test, and how you can brute force your way past the login prompt. Next, you'll learn how easy it can be to hijack someone else's session with session fixation. Finally, you’ll discover what session puzzling is and how to leverage it as an attacker. When you’re finished with this course, you'll have a solid understanding of what to look for while penetration testing session management.


    Lessons:
    1. Course Overview
        01. Course Overview
    2. Course Introduction
        02. About This Course
        03. Course Introduction
    3. Testing for Bypassing Session Management Schema
        04. Introduction
        05. Cookie Collection
        06. Cookie Reverse Engineering
        07. Session ID Predictability
        08. Session Analysis
        09. Brute-force Attacks
    4. Testing for Cookie Attributes
        10. Introduction
        11. Secure Attribute
        12. HttpOnly Attribute
        13. Domain Attribute
        14. Path Attribute
        15. Expires Attribute
    5. Testing for Session Fixation
        16. Introduction
        17. Session Fixation
    6. Testing for Exposed Session Variables
        18. Introduction
        19. HTTP to HTTPS
        20. Session and Local Storage
        21. Different Tokens
        22. Hidden Fields
        23. POST to GET
    7. Testing for Cross-site Request Forgery
        24. Introduction
        25. Cross-site Request Forgery
    8. Testing for Logout Functionality
        26. Introduction
        27. Logout User Interface
        28. Server-side Session Termination
        29. Session Timeout
    9. Testing Session Timeout
        30. Introduction
        31. Destroying Session Tokens
        32. Proper Session Checks
        33. Timeout
    10. Testing Session Puzzling
        34. Introduction
        35. Authentication Bypass
        36. Impersonation
        37. Redirection Prevention Bypass
        38. Bypassing Restrictions in Multiphase Processes
    11. Course Wrap-up
        39. Summary
        40. Materials and References
