CFI2088 — Web Application Hacking
Hours/Week: Lecture 2, Lab 2

Course Description: This course builds on the topics covered in Introduction to Ethical Hacking, but focuses on web applications. The major phases of penetration testing (reconnaissance, vulnerability analysis and exploitation) remain the same; however, the tools and techniques for web applications vary greatly. The course will cover how to identify and exploit common web application flaws such as cross-site scripting, SQL injection, authentication flaws and more through hands-on labs. Course activities include a comprehensive hands-on exercise: conducting a penetration test against a unique lab web application.

MnTC Goals: None

1. Web Application Security
   Current State of Web Application Security
   Web Application Technologies
2. Web Application Enumeration/Reconnaissance
   Application Usage
   Spidering
   Nikto
   Error Messages
3. Client-Side Controls
   Bypassing JavaScript
   Parameter Tampering
4. Authentication and Session Management Flaws
   Failing Open
   Cookies
   Session Hijacking
   Authentication Design Flaws
5. Cross-Site Scripting
   Identifying and Exploiting XSS
   Automated Exploitation
   Bypassing XSS Filters
   Escaping/Encoding User Input
6. SQL Injection
   DBMS Technologies
   Identifying SQL injection
   Enumerating Information with SQL injection
   Gaining shell from SQL injection
7. Web Application Exploitation
   Cross-Site Request Forgery
   File Inclusion Attacks
   Click Jacking
   Server/Application Misconfiguratio
Prerequisites: CFI1085, CFI2086