This document contains a collection of 90 YouTube video links related to web application penetration testing. The videos are grouped into 5 phases: history and web technology basics, setting up labs with Burp Suite and bWAPP, mapping the application and attack surface, understanding and exploiting the OWASP top 10 vulnerabilities, and specific videos from IBM, F5 Central, and Luke Briner on various vulnerabilities. The document provides resources for learning about penetration testing and exploiting common web application vulnerabilities.
u to upload a document in exchange for another document on Scribd for free. Unless you have a document of value you’d like to contribute to the site, you can create any kind of document you want. If you have a word processor installed on your computer, like Word or Apple Pages, you can use that to create a short, meaningless document. Alternatively, you can use Google Docs to create a free document on your computer and download it to your device. u to upload a document in exchange for another document on Scribd for free. Unless you have a document of value you’d like to contribute to the site, you can create any kind of document you want. If you have a word processor installed on your computer, like Word or Apple Pages, you can use that to create a short, meaningless document. Alternatively, you can use Google Docs to create a free document on your computer and download it to your devic. u to upload a document in exchange for another document on Scribd for free. Unless you have a document of value you’d like to contribute to the site, you can create any kind of document you want. If you have a word processor installed on your computer, like Word or Apple Pages, you can use that to create a short, meaningless document. Alternatively, you can use Google Docs to create a free document on your computer and download it to your devic
In preparation for your computer system servicing assessment day.It is a whole package and an outline of the competencies that you need to passed and accomplished for you to be ready to be assisted.
40 informatica videos
Informatica is a tool, supporting all the steps of Extraction, Transformation and Load process. Now a days Informatica is also being used as an Integration tool.
Informatica is an easy to use tool. It has got a simple visual interface like forms in visual basic. You just need to drag and drop different objects (known as transformations) and design process flow for Data extraction transformation and load. These process flow diagrams are known as mappings. Once a mapping is made, it can be scheduled to run as and when required. In the background Informatica server takes care of fetching data from source, transforming it, & loading it to the target systems/databases.
Informatica can communicate with all major data sources (mainframe/ RDBMS/ Flat Files/ XML/ VSM/ SAP etc), can move/transform data between them. It can move huge volumes of data in a very effective way, many a times better than even bespoke programs written for specific data movement only. It can throttle the transactions (do big updates in small chunks to avoid long locking and filling the transactional log). It can effectively join data from two distinct data sources (even a xml file can be joined with a relational table). In all, Informatica has got the ability to effectively integrate heterogeneous data sources & converting raw data into useful information.
Before we start actually working in Informatica, let’s have an idea about the company owning this wonderful product.
u to upload a document in exchange for another document on Scribd for free. Unless you have a document of value you’d like to contribute to the site, you can create any kind of document you want. If you have a word processor installed on your computer, like Word or Apple Pages, you can use that to create a short, meaningless document. Alternatively, you can use Google Docs to create a free document on your computer and download it to your device. u to upload a document in exchange for another document on Scribd for free. Unless you have a document of value you’d like to contribute to the site, you can create any kind of document you want. If you have a word processor installed on your computer, like Word or Apple Pages, you can use that to create a short, meaningless document. Alternatively, you can use Google Docs to create a free document on your computer and download it to your devic. u to upload a document in exchange for another document on Scribd for free. Unless you have a document of value you’d like to contribute to the site, you can create any kind of document you want. If you have a word processor installed on your computer, like Word or Apple Pages, you can use that to create a short, meaningless document. Alternatively, you can use Google Docs to create a free document on your computer and download it to your devic
In preparation for your computer system servicing assessment day.It is a whole package and an outline of the competencies that you need to passed and accomplished for you to be ready to be assisted.
40 informatica videos
Informatica is a tool, supporting all the steps of Extraction, Transformation and Load process. Now a days Informatica is also being used as an Integration tool.
Informatica is an easy to use tool. It has got a simple visual interface like forms in visual basic. You just need to drag and drop different objects (known as transformations) and design process flow for Data extraction transformation and load. These process flow diagrams are known as mappings. Once a mapping is made, it can be scheduled to run as and when required. In the background Informatica server takes care of fetching data from source, transforming it, & loading it to the target systems/databases.
Informatica can communicate with all major data sources (mainframe/ RDBMS/ Flat Files/ XML/ VSM/ SAP etc), can move/transform data between them. It can move huge volumes of data in a very effective way, many a times better than even bespoke programs written for specific data movement only. It can throttle the transactions (do big updates in small chunks to avoid long locking and filling the transactional log). It can effectively join data from two distinct data sources (even a xml file can be joined with a relational table). In all, Informatica has got the ability to effectively integrate heterogeneous data sources & converting raw data into useful information.
Before we start actually working in Informatica, let’s have an idea about the company owning this wonderful product.
Augmented Reality (AR) - The Future of Mobile Applications? Carin Campanario
Inspirational snippets of information (images and website links) about AR technologies, applications, concepts, ideas, events and blogs, gathered from the web for a Barcamp London 7 session on 25th October 2009, by Carin Campanario.
Cross Context Scripting (XCS) is a type of XSS (Cross Site Scripting) injection which occurs from an untrusted zone, typically a web page on the Internet into the context of a trusted browser zone.
XSS injection in a trusted browser zone can be 'lethal', as injected payload runs as privileged code. No SOP (Same-Origin Policy) restrictions are enforced and direct interfacing with the underlying OS is possible.
To exploit such bugs, there is no need to use ROP gadgets, spray the heap or attempt other complex techniques. At the opposite, only few elements are required for a successful exploit, such as the right injection point and a tailored exploit payload.
This presentation will examine XCS in details and will provide a demonstration of XCS exploits of both unpatched and patched vulnerabilities in Firefox, Opera, Maxthon and Avant browsers.
Chile 2009 - US State Department Speaker program and INACAP "Best Practices i...Alexandra M. Pickett
Handout for presentations on my US state department and INACAP invited tour of Chile. September 26-October 10, 2009. Presentations made at:
la Universidad de Artes, Ciencias, y Communicación - UNIACC - Santiago
Universidad Tecnológica de Chile - INACAP - Santiago
INACAP - Concepción
Unerversidad del Bío-Bío - Concepción
INACAP - Valparaíso
Pontificia Universidad Católica de Valparaíso
-PUCV
Universidad Católica de Chile (PUC) - Santiago
Best Deep Learning Post from LinkedIn Group
Datasets for Deep Learning (Slide share)
http://www.slideshare.net/pirahansiah/computer-vision-deep-learning-opencv
Deep Learning for Video Analysis – part 1 (DeepStream SDK NVIDIA TensorRT || NVIDIA GPU Inference Engine (GIE))
https://www.linkedin.com/lite/external-redirect?url=http%3A%2F%2Fwww%2Eslideshare%2Enet%2Fpirahansiah%2Fdeep-learning-for-video-analysis-part-1-deepstream-sdk-nvidia-tensorrt-nvidia-gpu-inference-engine-gie&urlHash=F2e8
How to install Digits 5.1 on Ubuntu 14
https://www.linkedin.com/redir/redirect?url=http%3A%2F%2Fwww%2Eslideshare%2Enet%2Fpirahansiah%2Fhow-to-install-digits-51-on-ubuntu-14&urlhash=8V-j&_t=tracking_anet
example of using deep learning in opencv 3.1
http://docs.opencv.org/3.1.0/d5/de7/tutorial_dnn_googlenet.html
Layers in Deep Learning & Caffe layers (model architecture )
https://www.linkedin.com/lite/external-redirect?url=http%3A%2F%2Fwww%2Eslideshare%2Enet%2Fpirahansiah%2Flayers-in-deep-learningcaffe-layers-model-architecture&urlHash=BsHf
Install, Compile, Setup, Setting OpenCV 3.2, Visual C++ 2015, Win 64bit,
https://www.linkedin.com/lite/external-redirect?url=http%3A%2F%2Fwww%2Eslideshare%2Enet%2Fpirahansiah%2Finstall-compile-setup-setting-opencv-32-visual-c-2015-win-64bit&urlHash=dC7R
Autonomous driving vehicles (Computer Vision, Deep Learning)
https://www.linkedin.com/pulse/autonomous-driving-vehicles-computer-vision-deep-farshid-pirahansiah-1?trk=mp-author-card
Compile OpenCV 3.2 with Visual Studio 2017 (C++) on Windows 10 x64 bit and test with TensorFlow
https://www.youtube.com/watch?v=mdeP8SdvSJw
TensorFlow in OpenCV 3.2 Visual Studio 2017 (C++ deep learning) application
https://www.youtube.com/watch?v=QK1kLTfS97c
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Augmented Reality (AR) - The Future of Mobile Applications? Carin Campanario
Inspirational snippets of information (images and website links) about AR technologies, applications, concepts, ideas, events and blogs, gathered from the web for a Barcamp London 7 session on 25th October 2009, by Carin Campanario.
Cross Context Scripting (XCS) is a type of XSS (Cross Site Scripting) injection which occurs from an untrusted zone, typically a web page on the Internet into the context of a trusted browser zone.
XSS injection in a trusted browser zone can be 'lethal', as injected payload runs as privileged code. No SOP (Same-Origin Policy) restrictions are enforced and direct interfacing with the underlying OS is possible.
To exploit such bugs, there is no need to use ROP gadgets, spray the heap or attempt other complex techniques. At the opposite, only few elements are required for a successful exploit, such as the right injection point and a tailored exploit payload.
This presentation will examine XCS in details and will provide a demonstration of XCS exploits of both unpatched and patched vulnerabilities in Firefox, Opera, Maxthon and Avant browsers.
Chile 2009 - US State Department Speaker program and INACAP "Best Practices i...Alexandra M. Pickett
Handout for presentations on my US state department and INACAP invited tour of Chile. September 26-October 10, 2009. Presentations made at:
la Universidad de Artes, Ciencias, y Communicación - UNIACC - Santiago
Universidad Tecnológica de Chile - INACAP - Santiago
INACAP - Concepción
Unerversidad del Bío-Bío - Concepción
INACAP - Valparaíso
Pontificia Universidad Católica de Valparaíso
-PUCV
Universidad Católica de Chile (PUC) - Santiago
Best Deep Learning Post from LinkedIn Group
Datasets for Deep Learning (Slide share)
http://www.slideshare.net/pirahansiah/computer-vision-deep-learning-opencv
Deep Learning for Video Analysis – part 1 (DeepStream SDK NVIDIA TensorRT || NVIDIA GPU Inference Engine (GIE))
https://www.linkedin.com/lite/external-redirect?url=http%3A%2F%2Fwww%2Eslideshare%2Enet%2Fpirahansiah%2Fdeep-learning-for-video-analysis-part-1-deepstream-sdk-nvidia-tensorrt-nvidia-gpu-inference-engine-gie&urlHash=F2e8
How to install Digits 5.1 on Ubuntu 14
https://www.linkedin.com/redir/redirect?url=http%3A%2F%2Fwww%2Eslideshare%2Enet%2Fpirahansiah%2Fhow-to-install-digits-51-on-ubuntu-14&urlhash=8V-j&_t=tracking_anet
example of using deep learning in opencv 3.1
http://docs.opencv.org/3.1.0/d5/de7/tutorial_dnn_googlenet.html
Layers in Deep Learning & Caffe layers (model architecture )
https://www.linkedin.com/lite/external-redirect?url=http%3A%2F%2Fwww%2Eslideshare%2Enet%2Fpirahansiah%2Flayers-in-deep-learningcaffe-layers-model-architecture&urlHash=BsHf
Install, Compile, Setup, Setting OpenCV 3.2, Visual C++ 2015, Win 64bit,
https://www.linkedin.com/lite/external-redirect?url=http%3A%2F%2Fwww%2Eslideshare%2Enet%2Fpirahansiah%2Finstall-compile-setup-setting-opencv-32-visual-c-2015-win-64bit&urlHash=dC7R
Autonomous driving vehicles (Computer Vision, Deep Learning)
https://www.linkedin.com/pulse/autonomous-driving-vehicles-computer-vision-deep-farshid-pirahansiah-1?trk=mp-author-card
Compile OpenCV 3.2 with Visual Studio 2017 (C++) on Windows 10 x64 bit and test with TensorFlow
https://www.youtube.com/watch?v=mdeP8SdvSJw
TensorFlow in OpenCV 3.2 Visual Studio 2017 (C++ deep learning) application
https://www.youtube.com/watch?v=QK1kLTfS97c
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. Web Application Penetration Testing
Phase 1 – History
1. History of Internet - https://www.youtube.com/watch?v=9hIQjrMHTv4
Phase 2 – Web and Server Technology
2. Basic concepts of web applications, how they work and the HTTP protocol - https://www.youtube.com/watch?v=RsQ1tFLwldY&t=7s
3. HTML basics part 1 - https://www.youtube.com/watch?v=p6fRBGI_BY0
4. HTML basics part 2 - https://www.youtube.com/watch?v=Zs6lzuBVK2w
5. Difference between static and dynamic website - https://www.youtube.com/watch?v=hlg6q6OFoxQ
6. HTTP protocol Understanding - https://www.youtube.com/watch?v=JFZMyhRTVt0
7. Parts of HTTP Request -https://www.youtube.com/watch?v=pHFWGN-upGM
8. Parts of HTTP Response - https://www.youtube.com/watch?v=c9sMNc2PrMU
9. Various HTTP Methods - https://www.youtube.com/watch?v=PO7D20HsFsY
10. Understanding URLS - https://www.youtube.com/watch?v=5Jr-_Za5yQM
11. Intro to REST - https://www.youtube.com/watch?v=YCcAE2SCQ6k
12. HTTP Request & Response Headers - https://www.youtube.com/watch?v=vAuZwirKjWs
13. What is a cookie - https://www.youtube.com/watch?v=I01XMRo2ESg
14. HTTP Status codes - https://www.youtube.com/watch?v=VLH3FMQ5BIQ
15. HTTP Proxy - https://www.youtube.com/watch?v=qU0PVSJCKcs
16. Authentication with HTTP - https://www.youtube.com/watch?v=GxiFXUFKo1M
17. HTTP basic and digest authentication - https://www.youtube.com/watch?v=GOnhCbDhMzk
18. What is “Server-Side” - https://www.youtube.com/watch?v=JnCLmLO9LhA
19. Server and client side with example - https://www.youtube.com/watch?v=DcBB2Fp8WNI
20. What is a session - https://www.youtube.com/watch?v=WV4DJ6b0jhg&t=202s
21. Introduction to UTF-8 and Unicode - https://www.youtube.com/watch?v=sqPTR_v4qFA
22. URL encoding - https://www.youtube.com/watch?v=Z3udiqgW1VA
23. HTML encoding - https://www.youtube.com/watch?v=IiAfCLWpgII&t=109s
24. Base64 encoding - https://www.youtube.com/watch?v=8qkxeZmKmOY
25. Hex encoding & ASCII - https://www.youtube.com/watch?v=WW2SaCMnHdU
3. Phase 3 – Setting up the lab with BurpSuite and bWAPP
MANISH AGRAWAL
26. Setup lab with bWAPP - https://www.youtube.com/watch?v=dwtUn3giwTk&index=1&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
27. Set up Burp Suite - https://www.youtube.com/watch?v=hQsT4rSa_v0&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=2
28. Configure Firefox and add certificate - https://www.youtube.com/watch?v=hfsdJ69GSV4&index=3&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
29. Mapping and scoping website - https://www.youtube.com/watch?v=H-_iVteMDRo&index=4&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
30. Spidering - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5
31. Active and passive scanning - https://www.youtube.com/watch?v=1Mjom6AcFyU&index=6&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
32. Scanner options and demo - https://www.youtube.com/watch?v=gANi4Kt7-ek&index=7&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
33. Introduction to password security - https://www.youtube.com/watch?v=FwcUhcLO9iM&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=8
34. Intruder - https://www.youtube.com/watch?v=wtMg9oEMTa8&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=9
35. Intruder attack types - https://www.youtube.com/watch?v=N5ndYPwddkQ&index=10&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
36. Payload settings - https://www.youtube.com/watch?v=5GpdlbtL-1Q&index=11&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV
37. Intruder settings - https://www.youtube.com/watch?v=B_Mu7jmOYnU&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=12
ÆTHER SECURITY LAB
38. No.1 Penetration testing tool - https://www.youtube.com/watch?v=AVzC7ETqpDo&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=1
39. Environment Setup - https://www.youtube.com/watch?v=yqnUOdr0eVk&index=2&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA
40. General concept - https://www.youtube.com/watch?v=udl4oqr_ylM&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=3
41. Proxy module - https://www.youtube.com/watch?v=PDTwYFkjQBE&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=4
42. Repeater module - https://www.youtube.com/watch?v=9Zh_7s5csCc&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=5
43. Target and spider module - https://www.youtube.com/watch?v=dCKPZUSOlr8&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=6
44. Sequencer and scanner module - https://www.youtube.com/watch?v=G-v581pXerE&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA&index=7
Phase 4 – Mapping the application and attack surface
45. Spidering - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV&index=5
46. Mapping application using robots.txt - https://www.youtube.com/watch?v=akuzgZ75zrk
47. Discover hidden contents using dirbuster - https://www.youtube.com/watch?v=--nu9Jq07gA
48. Dirbuster in detail - https://www.youtube.com/watch?v=2tOQC68hAcQ
49. Discover hidden directories and files with intruder - https://www.youtube.com/watch?v=4Fz9mJeMNkI
50. Directory bruteforcing 1 - https://www.youtube.com/watch?v=ch2onB_LFoI
51. Directory bruteforcing 2 - https://www.youtube.com/watch?v=ASMW_oLbyIg
52. Identify application entry points - https://www.youtube.com/watch?v=IgJWPZ2OKO8&t=34s
53. Identify application entry points - https://www.owasp.org/index.php/Identify_application_entry_points_(OTG-INFO-006)
54. Identify client and server technology - https://www.youtube.com/watch?v=B8jN_iWjtyM
4. 55. Identify server technology using banner grabbing (telnet) - https://www.youtube.com/watch?v=O67M-U2UOAg
56. Identify server technology using httprecon - https://www.youtube.com/watch?v=xBBHtS-dwsM
57. Pentesting with Google dorks Introduction - https://www.youtube.com/watch?v=NmdrKFwAw9U
58. Fingerprinting web server - https://www.youtube.com/watch?v=tw2VdG0t5kc&list=PLxLRoXCDIalcRS5Nb1I_HM_OzS10E6lqp&index=10
59. Use Nmap for fingerprinting web server - https://www.youtube.com/watch?v=VQV-y_-AN80
60. Review webs servers metafiles for information leakage - https://www.youtube.com/watch?v=sds3Zotf_ZY
61. Enumerate applications on web server - https://www.youtube.com/watch?v=lfhvvTLN60E
62. Identify application entry points - https://www.youtube.com/watch?v=97uMUQGIe14&list=PLDeogY2Qr-tGR2NL2X1AR5Zz9t1iaWwlM
63. Map execution path through application - https://www.youtube.com/watch?v=0I0NPiyo9UI
64. Fingerprint web application frameworks - https://www.youtube.com/watch?v=ASzG0kBoE4c
Phase 5 – Understanding and exploiting OWASP top 10 vulnerabilities
65. A closer look at all owasp top 10 vulnerabilities - https://www.youtube.com/watch?v=avFR_Af0KGk
IBM
66. Injection - https://www.youtube.com/watch?v=02mLrFVzIYU&index=1&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
67. Broken authentication and session management -
https://www.youtube.com/watch?v=iX49fqZ8HGA&index=2&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
68. Cross-site scripting - https://www.youtube.com/watch?v=x6I5fCupLLU&index=3&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
69. Insecure direct object reference - https://www.youtube.com/watch?v=-iCyp9Qz3CI&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=4
70. Security misconfiguration - https://www.youtube.com/watch?v=cIplXL8idyo&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=5
71. Sensitive data exposure - https://www.youtube.com/watch?v=rYlzTQlF8Ws&index=6&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
72. Missing functional level access controls - https://www.youtube.com/watch?v=VMv_gyCNGpk&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=7
73. Cross-site request forgery - https://www.youtube.com/watch?v=_xSFm3KGxh0&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d&index=8
74. Using components with known vulnerabilities -
https://www.youtube.com/watch?v=bhJmVBJ-F-4&index=9&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
75. Unvalidated redirects and forwards - https://www.youtube.com/watch?v=L6bYKiLtSL8&index=10&list=PLoyY7ZjHtUUVLs2fy-ctzZDSPpawuQ28d
F5 CENTRAL
76. Injection - https://www.youtube.com/watch?v=rWHvp7rUka8&index=1&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
77. Broken authentication and session management -
https://www.youtube.com/watch?v=mruO75ONWy8&index=2&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
78. Insecure deserialisation - https://www.youtube.com/watch?v=nkTBwbnfesQ&index=8&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
79. Sensitive data exposure - https://www.youtube.com/watch?v=2RKbacrkUBU&index=3&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
80. Broken access control - https://www.youtube.com/watch?v=P38at6Tp8Ms&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD&index=5
81. Insufficient logging and monitoring - https://www.youtube.com/watch?v=IFF3tkUOF5E&index=10&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
5. 82. XML external entities - https://www.youtube.com/watch?v=g2ey7ry8_CQ&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD&index=4
83. Using components with known vulnerabilities -
https://www.youtube.com/watch?v=IGsNYVDKRV0&index=9&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
84. Cross-site scripting - https://www.youtube.com/watch?v=IuzU4y-UjLw&index=7&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
85. Security misconfiguration - https://www.youtube.com/watch?v=JuGSUMtKTPU&index=6&list=PLyqga7AXMtPPuibxp1N0TdyDrKwP9H_jD
LUKE BRINER
86. Injection explained - https://www.youtube.com/watch?v=1qMggPJpRXM&index=1&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X
87. Broken authentication and session management -
https://www.youtube.com/watch?v=fKnG15BL4AY&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=2
88. Cross-site scripting - https://www.youtube.com/watch?v=ksM-xXeDUNs&index=3&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X
89. Insecure direct object reference - https://www.youtube.com/watch?v=ZodA76-CB10&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=4
90. Security misconfiguration - https://www.youtube.com/watch?v=DfFPHKPCofY&index=5&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X
91. Sensitive data exposure - https://www.youtube.com/watch?v=Z7hafbGDVEE&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=6
92. Missing functional level access control - https://www.youtube.com/watch?v=RGN3w831Elo&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=7
93. Cross-site request forgery - https://www.youtube.com/watch?v=XRW_US5BCxk&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=8
94. Components with known vulnerabilities - https://www.youtube.com/watch?v=pbvDW9pJdng&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=9
95. Unvalidated redirects and forwards - https://www.youtube.com/watch?v=bHTglpgC5Qg&list=PLpNYlUeSK_rkrrBox-xvSkm5lgaDqKa0X&index=10
Phase 6 – Session management testing
96. Bypass authentication using cookie manipulation - https://www.youtube.com/watch?v=mEbmturLljU
97. Cookie Security Via httponly and secure Flag - OWASP - https://www.youtube.com/watch?v=3aKA4RkAg78
98. Penetration testing Cookies basic - https://www.youtube.com/watch?v=_P7KN8T1boc
99. Session fixation 1 - https://www.youtube.com/watch?v=ucmgeHKtxaI
100. Session fixation 2 - https://www.youtube.com/watch?v=0Tu1qxysWOk
101. Session fixation 3 - https://www.youtube.com/watch?v=jxwgpWvRUSo
102. Session fixation 4 - https://www.youtube.com/watch?v=eUbtW0Z0W1g
103. CSRF - Cross site request forgery 1 - https://www.youtube.com/watch?v=m0EHlfTgGUU
104. CSRF - Cross site request forgery 2 - https://www.youtube.com/watch?v=H3iu0_ltcv4
105. CSRF - Cross site request forgery 3 - https://www.youtube.com/watch?v=1NO4I28J-0s
106. CSRF - Cross site request forgery 4 - https://www.youtube.com/watch?v=XdEJEUJ0Fr8
107. CSRF - Cross site request forgery 5 - https://www.youtube.com/watch?v=TwG0Rd0hr18
108. Session puzzling 1 - https://www.youtube.com/watch?v=YEOvmhTb8xA
109. Admin bypass using session hijacking - https://www.youtube.com/watch?v=1wp1o-1TfAc
6. Phase 7 – Bypassing client-side controls
110. What is hidden forms in HTML - https://www.youtube.com/watch?v=orUoGsgaYAE
111. Bypassing hidden form fields using tamper data - https://www.youtube.com/watch?v=NXkGX2sPw7I
112. Bypassing hidden form fields using Burp Suite (Purchase application) - https://www.youtube.com/watch?v=xahvJyUFTfM
113. Changing price on eCommerce website using parameter tampering - https://www.youtube.com/watch?v=A-ccNpP06Zg
114. Understanding cookie in detail - https://www.youtube.com/watch?v=_P7KN8T1boc&list=PLWPirh4EWFpESKWJmrgQwmsnTrL_K93Wi&index=18
115. Cookie tampering with tamper data- https://www.youtube.com/watch?v=NgKXm0lBecc
116. Cookie tamper part 2 - https://www.youtube.com/watch?v=dTCt_I2DWgo
117. Understanding referer header in depth using Cisco product - https://www.youtube.com/watch?v=GkQnBa3C7WI&t=35s
118. Introduction to ASP.NET viewstate - https://www.youtube.com/watch?v=L3p6Uw6SSXs
119. ASP.NET viewstate in depth - https://www.youtube.com/watch?v=Fn_08JLsrmY
120. Analyse sensitive data in ASP.NET viewstate - https://msdn.microsoft.com/en-us/library/ms972427.aspx?f=255&MSPPError=-2147217396
121. Cross-origin-resource-sharing explanation with example - https://www.youtube.com/watch?v=Ka8vG5miErk
122. CORS demo 1 - https://www.youtube.com/watch?v=wR8pjTWaEbs
123. CORS demo 2 - https://www.youtube.com/watch?v=lg31RYYG-T4
124. Security headers - https://www.youtube.com/watch?v=TNlcoYLIGFk
125. Security headers 2 - https://www.youtube.com/watch?v=ZZUvmVkkKu4
Phase 8 – Attacking authentication/login
126. Attacking login panel with bad password - Guess username password for the website and try different combinations
127. Brute-force login panel - https://www.youtube.com/watch?v=25cazx5D_vw
128. Username enumeration - https://www.youtube.com/watch?v=WCO7LnSlskE
129. Username enumeration with bruteforce password attack - https://www.youtube.com/watch?v=zf3-pYJU1c4
130. Authentication over insecure HTTP protocol - https://www.youtube.com/watch?v=ueSG7TUqoxk
131. Authentication over insecure HTTP protocol - https://www.youtube.com/watch?v=_WQe36pZ3mA
132. Forgot password vulnerability - case 1 - https://www.youtube.com/watch?v=FEUidWWnZwU
133. Forgot password vulnerability - case 2 - https://www.youtube.com/watch?v=j7-8YyYdWL4
134. Login page autocomplete feature enabled - https://www.youtube.com/watch?v=XNjUfwDmHGc&t=33s
135. Testing for weak password policy - https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007)
136. Insecure distribution of credentials - When you register in any website or you request for a password reset using forgot password feature, if the
website sends your username and password over the email in cleartext without sending the password reset link, then it is a vulnerability.
137. Test for credentials transportation using SSL/TLS certificate - https://www.youtube.com/watch?v=21_IYz4npRs
138. Basics of MySQL - https://www.youtube.com/watch?v=yPu6qV5byu4
139. Testing browser cache - https://www.youtube.com/watch?v=2T_Xz3Humdc
140. Bypassing login panel -case 1 - https://www.youtube.com/watch?v=TSqXkkOt6oM
141. Bypass login panel - case 2 - https://www.youtube.com/watch?v=J6v_W-LFK1c
8. 158. What is XSS - https://www.youtube.com/watch?v=cbmBDiR6WaY
159. Reflected XSS demo - https://www.youtube.com/watch?v=r79ozjCL7DA
160. XSS attack method using burpsuite - https://www.youtube.com/watch?v=OLKBZNw3OjQ
161. XSS filter bypass with Xenotix - https://www.youtube.com/watch?v=loZSdedJnqc
162. Reflected XSS filter bypass 1 - https://www.youtube.com/watch?v=m5rlLgGrOVA
163. Reflected XSS filter bypass 2 - https://www.youtube.com/watch?v=LDiXveqQ0gg
164. Reflected XSS filter bypass 3 - https://www.youtube.com/watch?v=hb_qENFUdOk
165. Reflected XSS filter bypass 4 - https://www.youtube.com/watch?v=Fg1qqkedGUk
166. Reflected XSS filter bypass 5 - https://www.youtube.com/watch?v=NImym71f3Bc
167. Reflected XSS filter bypass 6 - https://www.youtube.com/watch?v=9eGzAym2a5Q
168. Reflected XSS filter bypass 7 - https://www.youtube.com/watch?v=ObfEI84_MtM
169. Reflected XSS filter bypass 8 - https://www.youtube.com/watch?v=2c9xMe3VZ9Q
170. Reflected XSS filter bypass 9 - https://www.youtube.com/watch?v=-48zknvo7LM
171. Introduction to Stored XSS - https://www.youtube.com/watch?v=SHmQ3sQFeLE
172. Stored XSS 1 - https://www.youtube.com/watch?v=oHIl_pCahsQ
173. Stored XSS 2 - https://www.youtube.com/watch?v=dBTuWzX8hd0
174. Stored XSS 3 - https://www.youtube.com/watch?v=PFG0lkMeYDc
175. Stored XSS 4 - https://www.youtube.com/watch?v=YPUBFklUWLc
176. Stored XSS 5 - https://www.youtube.com/watch?v=x9Zx44EV-Og
SQL injection
177. Part 1 - Install SQLi lab - https://www.youtube.com/watch?v=NJ9AA1_t1Ic&index=23&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
178. Part 2 - SQL lab series - https://www.youtube.com/watch?v=TA2h_kUqfhU&index=22&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
179. Part 3 - SQL lab series - https://www.youtube.com/watch?v=N0zAChmZIZU&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=21
180. Part 4 - SQL lab series - https://www.youtube.com/watch?v=6pVxm5mWBVU&index=20&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
181. Part 5 - SQL lab series - https://www.youtube.com/watch?v=0tyerVP9R98&index=19&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
182. Part 6 - Double query injection - https://www.youtube.com/watch?v=zaRlcPbfX4M&index=18&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
183. Part 7 - Double query injection cont.. - https://www.youtube.com/watch?v=9utdAPxmvaI&index=17&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
184. Part 8 - Blind injection boolean based - https://www.youtube.com/watch?v=u7Z7AIR6cMI&index=16&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
185. Part 9 - Blind injection time based - https://www.youtube.com/watch?v=gzU1YBu_838&index=15&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
186. Part 10 - Dumping DB using outfile - https://www.youtube.com/watch?v=ADW844OA6io&index=14&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
187. Part 11 - Post parameter injection error based -
https://www.youtube.com/watch?v=6sQ23tqiTXY&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=13
188. Part 12 - POST parameter injection double query based -
https://www.youtube.com/watch?v=tjFXWQY4LuA&index=12&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
189. Part 13 - POST parameter injection blind boolean and time based -
https://www.youtube.com/watch?v=411G-4nH5jE&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=10
190. Part 14 - Post parameter injection in UPDATE query -
https://www.youtube.com/watch?v=2FgLcPuU7Vw&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=11
9. 191. Part 15 - Injection in insert query - https://www.youtube.com/watch?v=ZJiPsWxXYZs&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=9
192. Part 16 - Cookie based injection - https://www.youtube.com/watch?v=-A3vVqfP8pA&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=8
193. Part 17 - Second order injection -https://www.youtube.com/watch?v=e9pbC5BxiAE&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=7
194. Part 18 - Bypassing blacklist filters - 1 - https://www.youtube.com/watch?v=5P-knuYoDdw&index=6&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
195. Part 19 - Bypassing blacklist filters - 2 - https://www.youtube.com/watch?v=45BjuQFt55Y&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=5
196. Part 20 - Bypassing blacklist filters - 3 - https://www.youtube.com/watch?v=c-Pjb_zLpH0&index=4&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
197. Part 21 - Bypassing WAF - https://www.youtube.com/watch?v=uRDuCXFpHXc&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=2
198. Part 22 - Bypassing WAF - Impedance mismatch -
https://www.youtube.com/watch?v=ygVUebdv_Ws&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=3
199. Part 23 - Bypassing addslashes - charset mismatch -
https://www.youtube.com/watch?v=du-jkS6-sbo&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=1
NoSQL injection
200. Introduction to NoSQL injection - https://www.youtube.com/watch?v=h0h37-Dwd_A
201. Introduction to SQL vs NoSQL - Difference between MySQL and MongoDB with tutorial - https://www.youtube.com/watch?v=QwevGzVu_zk
202. Abusing NoSQL databases - https://www.youtube.com/watch?v=lcO1BTNh8r8
203. Making cry - attacking NoSQL for pentesters - https://www.youtube.com/watch?v=NgsesuLpyOg
Xpath and XML injection
204. Introduction to Xpath injection - https://www.youtube.com/watch?v=2_UyM6Ea0Yk&t=3102s
205. Introduction to XML injection - https://www.youtube.com/watch?v=9ZokuRHo-eY
206. Practical 1 - bWAPP - https://www.youtube.com/watch?v=6tV8EuaHI9M
207. Practical 2 - Mutillidae - https://www.youtube.com/watch?v=fV0qsqcScI4
208. Practical 3 - webgoat - https://www.youtube.com/watch?v=5ZDSPVp1TpM
209. Hack admin panel using Xpath injection - https://www.youtube.com/watch?v=vvlyYlXuVxI
210. XXE demo - https://www.youtube.com/watch?v=3B8QhyrEXlU
211. XXE demo 2 - https://www.youtube.com/watch?v=UQjxvEwyUUw
212. XXE demo 3 - https://www.youtube.com/watch?v=JI0daBHq6fA
LDAP injection
213. Introduction and practical 1 - https://www.youtube.com/watch?v=-TXFlg7S9ks
214. Practical 2 - https://www.youtube.com/watch?v=wtahzm_R8e4
OS command injection
215. OS command injection in bWAPP - https://www.youtube.com/watch?v=qLIkGJrMY9k
216. bWAAP- OS command injection with Commiux (All levels) - https://www.youtube.com/watch?v=5-1QLbVa8YE
Local file inclusion
217. Detailed introduction - https://www.youtube.com/watch?v=kcojXEwolIs
218. LFI demo 1 - https://www.youtube.com/watch?v=54hSHpVoz7A
10. 219. LFI demo 2 - https://www.youtube.com/watch?v=qPq9hIVtitI
Remote file inclusion
220. Detailed introduction - https://www.youtube.com/watch?v=MZjORTEwpaw
221. RFI demo 1 - https://www.youtube.com/watch?v=gWt9A6eOkq0
222. RFI introduction and demo 2 - https://www.youtube.com/watch?v=htTEfokaKsM
HTTP splitting/smuggling
223. Detailed introduction - https://www.youtube.com/watch?v=bVaZWHrfiPw
224. Demo 1 - https://www.youtube.com/watch?v=mOf4H1aLiiE
Phase 11 – Generating and testing error codes
225. Generating normal error codes by visiting files that may not exist on the server - for example visit chintan.php or chintan.aspx file on any website
and it may redirect you to 404.php or 404.aspx or their customer error page. Check if an error page is generated by default web server or application
framework or a custom page is displayed which does not display any sensitive information.
226. Use BurpSuite fuzzing techniques to generate stack trace error codes - https://www.youtube.com/watch?v=LDF6OkcvBzM
Phase 12 – Weak cryptography testing
227. SSL/TLS weak configuration explained - https://www.youtube.com/watch?v=Rp3iZUvXWlM
228. Testing weak SSL/TLS ciphers - https://www.youtube.com/watch?v=slbwCMHqCkc
229. Test SSL/TLS security with Qualys guard - https://www.youtube.com/watch?v=Na8KxqmETnw
230. Sensitive information sent via unencrypted channels - https://www.youtube.com/watch?v=21_IYz4npRs
Phase 12 – Business logic vulnerability
231. What is a business logic flaw - https://www.youtube.com/watch?v=ICbvQzva6lE&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI
232. The Difficulties Finding Business Logic Vulnerabilities with Traditional Security Tools -
https://www.youtube.com/watch?v=JTMg0bhkUbo&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=2
233. How To Identify Business Logic Flaws - https://www.youtube.com/watch?v=FJcgfLM4SAY&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=3
234. Business Logic Flaws: Attacker Mindset - https://www.youtube.com/watch?v=Svxh9KSTL3Y&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=4
235. Business Logic Flaws: Dos Attack On Resource -
https://www.youtube.com/watch?v=4S6HWzhmXQk&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=5
236. Business Logic Flaws: Abuse Cases: Information Disclosure -
https://www.youtube.com/watch?v=HrHdUEUwMHk&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=6
11. 237. Business Logic Flaws: Abuse Cases: iPod Repairman Dupes Apple -
https://www.youtube.com/watch?v=8yB_ApVsdhA&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=7
238. Business Logic Flaws: Abuse Cases: Online Auction -
https://www.youtube.com/watch?v=oa_UICCqfbY&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=8
239. Business Logic Flaws: How To Navigate Code Using ShiftLeft Ocular -
https://www.youtube.com/watch?v=hz7IZu6H6oE&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=9
240. Business Logic Security Checks: Data Privacy Compliance -
https://www.youtube.com/watch?v=qX2fyniKUIQ&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=10
241. Business Logic Security Checks: Encryption Compliance -
https://www.youtube.com/watch?v=V8zphJbltDY&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=11
242. Business Logic Security: Enforcement Checks -
https://www.youtube.com/watch?v=5e7qgY_L3UQ&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=12
243. Business Logic Exploits: SQL Injection - https://www.youtube.com/watch?v=hcIysfhA9AA&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=13
244. Business Logic Exploits: Security Misconfiguration -
https://www.youtube.com/watch?v=ppLBtCQcYRk&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=15
245. Business Logic Exploits: Data Leakage - https://www.youtube.com/watch?v=qe0bEvguvbs&list=PLWoDr1kTbIxKZe_JeTDIcD2I7Uy1pLIFI&index=16
246. Demo 1 - https://www.youtube.com/watch?v=yV7O-QRyOao
247. Demo 2 - https://www.youtube.com/watch?v=mzjTG7pKmQI
248. Demo 3 - https://www.youtube.com/watch?v=A8V_58QZPMs
249. Demo 4 - https://www.youtube.com/watch?v=1pvrEKAFJyk
250. Demo 5 - https://hackerone.com/reports/145745
251. Demo 6 - https://hackerone.com/reports/430854
12. Don’t Forget to subscribe and
join our channel !
Youtube.com/IndianAnonS
T.me/DarkCoderSS
Copy with credits ....