Comments
@alahala5987 6 days ago
Did u record this video in 2015?
@MarryJane2000 9 days ago
You are using Burp Suite Pro. Why do you not use Burp Suite Community..???
@1cutii3 11 days ago
The background music makes it hard to hear what the teacher is saying
@CyberTechnicalknowledge 9 days ago
Ok I will try to minimise the audio
@ajones5341 13 days ago
I would like to see a template for BIA, BCP & DRP, and other types of CISSP material. More day in the life of the practice/real world implementation. Nothing too fancy, maybe a scenario with examples? Something to really bring it all together from text to implementation. Thank you
@CyberTechnicalknowledge 9 days ago
Sure we will work on this 🙂
@sharingan9101 19 days ago
Is this for ISC2 SSCP?
@CyberTechnicalknowledge 18 days ago
Yes
@vipracitti 21 days ago
Just for me
Start at 3:28
3:39 understanding web app security
9:01 specific paradigms (query strings, routing, http verb)
17:55 real web app security construct (practical)
21:50 protections offered by browsers
30:24 browsers can't defend against
32:59 what's not covered in this course
34:24 summary
NEXT MODULE
36:25 Recon & footprinting (netsparker crawling)
42:35 forced browsing (burp suite)
56:26 banner grabbing (wget cmd line)
58:53 server fingerprinting (zenmap gui or nmap cmd line)
1:02:51 discover development artifacts (acunetix)
1:10:50 CVE's
1:13:43 shodan
1:15:37 summary
NEXT MODULE tampering of untrusted data
1:17:28 OWASP Top 10
1:19:41 understanding untrusted data
1:25:27 parameter tampering demo (practical)
1:26:39 fiddler (proxy tool)
1:42:38 IDOR
1:47:10 defending against tampering
1:51:42 summary
NEXT MODULES Attacks that involve the client
1:53:18 xss cross-site scripting
2:02:47 persistent xss
2:08:25 defending against xss XSS RESOURCES
2:12:10 xssposed[.]org
2:13:32 Xss filter evasion cheat sheet
2:15:24 validation
2:22:46 insufficient transport layer security
2:25:08 sensitive data exposure
2:31:10 CSRF
2:38:19 summary
2:41:19 identity management (repetitive for 8 min after 2:44:17)
2:52:30 identity enumeration (mailinator 2:56:48)
2:58:25 identity enumeration via login timing (repetitive for 8 min after 3:00:40)
3:08:43 remember me feature
NEXT MODULE Access Control
3:13:24 Denial of service
3:41:59 improper handling Security misconfiguration
3:48:32 understand salted hashes
4:00:35 owasp password storage cheat sheet
4:01:57 unvalidated redirects & forward
4:08:41 internal logs exposed unintentionally (ELMAH)
4:21:33 summary
@CyberTechnicalknowledge 19 days ago
Thanks
@vipracitti 16 days ago
@CyberTechnicalknowledge Thank you for this course.
@awotileibukun6239 1 month ago
The software app used in the videos starts from module 2. Netsparker? is it free to use or paid?
@CyberTechnicalknowledge 1 month ago
It is free
@benkhalil3 1 month ago
Suppose I do this... where the session ID is stored... where the attackers can see it? Do they have a database to store it?
@CyberTechnicalknowledge 1 month ago
Attackers cannot save the malicious data on the server side; it will be stored on the client side, in the browser only.
@ratnacariappa6535 1 month ago
Fantastic course. Thanks
@CyberTechnicalknowledge 1 month ago
Welcome
@chrisrobison3442 1 month ago
Wondering if I could ask for advice to see if I was hacked or anyone could help me out
@CyberTechnicalknowledge 1 month ago
Yes
@chrisrobison3442 1 month ago
@CyberTechnicalknowledge it won't let me post
@chrisrobison3442 1 month ago
How can I ask you
@chrisrobison3442 1 month ago
Searched for Google support Search session ID found multiple times in my Google Chrome history from the times would be eight times within 5 hours does this mean I was hacked or were they trying to hack me
@chrisrobison3442 1 month ago
@CyberTechnicalknowledge for some reason it's not letting me post my question
@jesseheartbrit19 1 month ago
Wondering if you could help tell me I was hacked
@CyberTechnicalknowledge 1 month ago
No, you are not hacked.
@jesseheartbrit19 1 month ago
I was wondering if I could ask you a question. I found a search in my history on Google Chrome: Searched for support.google.com/apis/search? query=& with a lot of numbers. I click on it and it says search session id with a lot of info. I never looked it up. There is like 20 times in a day it was searched in my history. Do you think I was hacked?
@CyberTechnicalknowledge 1 month ago
No, you are not hacked.
@jesseheartbrit19 1 month ago
Can I ask you some questions about search session id
@CyberTechnicalknowledge 1 month ago
Sure, you can ask
@ajpresents5317 2 months ago
Awesome course and if you add timestamps then it will be more beneficial and get more views❤
@ferd.6237 2 months ago
nice explain!
@yan_0028 2 months ago
I agree with the previous reviewer, the images are quite difficult to see, even at "1080p". Good presentation, good voice. Wish you best success!
@mohammedramees333 2 months ago
Is this Zero Day Vulnerability?
@CyberTechnicalknowledge 2 months ago
It was, I had uploaded this video long back.
@Druvakumararige 2 months ago
WE can get material
@davidlu1003 2 months ago
I am here, too.😁😁😁💗💗💗
@sumeshkp7180 3 months ago
Bro you are great. This means a lot. That's a lot of information for me. Thank you
@MaxamuudAxmed-rr4fp 3 months ago
Where can I find the tools that you are using in this course?
@CyberTechnicalknowledge 3 months ago
You can download the trial version from the official website.
@CyberTechnicalknowledge 3 months ago
You can download the trial version of the software from their official website.
@leonmarienga3293 3 months ago
NEO was a hacker
@8anime_to723 3 months ago
This video is great
@adrienaraujo5918 3 months ago
Hey man! You're really good. Just in case, do you have a course on Udemy? Let me know so I can buy your stuff!! Super Great Video!!!!! Best
@CyberTechnicalknowledge 3 months ago
Hi, no, I have not registered on Udemy.
@HimalayanGypsy 3 months ago
Please refrain from using the background music. Thanks!
@CyberTechnicalknowledge 3 months ago
Sure, thank you
@cat...i_think 3 months ago
Thank you
@CyberTechnicalknowledge 3 months ago
You're welcome
@Mary-le5db 4 months ago
Thank you for this excellent course but maybe change the background dark.
@javyhalt 4 months ago
Why in Windows? 2:43 - 2:52 is repeating
@CyberTechnicalknowledge 4 months ago
I will check and fix this issue. Thank you for notifying.
@redadea1483 4 months ago
keyturion is good keylogger
@MISTYEYED. 4 months ago
Thank you
@CyberTechnicalknowledge 4 months ago
You're welcome
@novianindy887 4 months ago
JavaScript in browsers can't execute PowerShell, fix your videos.
@CyberTechnicalknowledge 4 months ago
Sure I will do
@razdingz 5 months ago
for you many beer today
@CyberTechnicalknowledge 5 months ago
Thank you
@Avara_hu 5 months ago
00:03 High prevalence of serious security vulnerabilities in web applications
02:38 Highlighting the significant costs of a security breach
07:26 Attacks against web applications can lead to larger security risks beyond just the web app itself
09:53 Understanding web application conventions and query strings
14:34 Understanding the significance of HTTP verbs in request construction.
17:12 REST-based pattern and HTTP verbs are commonly used for APIs and can lead to vulnerabilities.
21:25 Browsers offer protections for users
23:38 Browsers protect users from invalid certificates by blocking access to the site.
28:04 Browsers are getting better at defending against XSS vulnerabilities.
30:19 Browsers have limitations in defending against certain cyber attacks.
34:44 Web application security incidents can have serious consequences.
36:57 Spidering in web application testing is crucial for reconnaissance and footprinting
41:00 Discovering sensitive information through spidering
43:10 Forced browsing helps in understanding application structure
47:16 Forced browsing involves brute forcing and making many requests to explore application paths
49:21 Forced browsing yields mostly negative results, but HTTP 200 results are interesting.
53:41 Web application vulnerability allows remote file retrieval.
55:53 Directory Traversal identification can provide useful insights on the underlying system
1:00:15 Nmap is conducting detailed scans to discover open ports, initiate OS detection, and run trace routes.
1:02:18 Discovering server fingerprinting and development artifacts
1:06:44 Web services and web applications are similar, but web services are not necessarily intended to be human readable.
1:08:52 Utilize self-documenting APIs for finding hidden features
1:13:24 Showdown tool can be used to find at-risk systems, like those vulnerable to SQL injection in Drupal 7.
1:15:37 Reconnaissance and footprinting are crucial for gathering information in web application penetration testing
1:20:02 Untrusted data sources in web application penetration testing
1:22:14 Attacker manipulation through routing and HTTP verbs
1:26:40 Fiddler is a useful HTTP proxy for testing web application security.
1:28:40 Demonstrating parameter tampering in web application testing.
1:32:56 Changing hidden form field values can lead to serious security vulnerabilities
1:35:04 Mass Assignment Attack
1:39:18 Cookie poisoning involves tampering with untrusted data in the form of cookies.
1:41:33 Cookie poisoning and Insecure Direct Object References
1:45:49 Changed someone else's name due to an insecure direct object reference risk
1:48:07 Verify identity independently and on the server to prevent data manipulation.
1:52:35 Validation of untrusted data is crucial to prevent system tampering.
1:54:49 Untrusted data reflection and potential system vulnerabilities
1:59:05 Explaining XSS attack using cookies
2:01:11 Explaining reflected cross-site scripting attack
2:05:26 Exploring cross-site scripting risk via DNS records
2:08:08 Defending against XSS attacks involves data validation and encoding for the right context.
2:12:33 Exploring XSS attacks and evasion techniques
2:14:40 Evasion techniques in Web Application Penetration Testing
2:18:49 Bypassing client side controls by registering directly to the server with modified data.
2:21:02 Client-side validation is important but can be circumvented easily
2:25:34 Importance of using Transport Layer Security for login forms
2:27:48 Using Fiddler script to intercept and modify HTTP traffic
2:32:03 CSRF attacks exploit authenticated users
2:34:04 Attackers can exploit the browser's automatic sending of valid cookies to make requests on behalf of the user.
2:38:37 Challenges in client-side attack detection
2:40:48 Antiforgery tokens are critical for protecting against CSRF attacks.
2:45:14 Password reset process required only username and birth date for verification.
2:47:21 Poor identity management examples in login process
2:51:43 Identity enumeration vulnerability demonstrated through password reset process
2:53:55 Website enumeration can lead to serious privacy violations.
2:58:14 Understanding login timing can reveal account existence.
3:00:19 Identity management plays a crucial role in cybersecurity
3:04:46 Email enumeration is a crucial risk to defend against
3:07:00 Timing analysis to determine account existence
3:11:09 Vulnerabilities in remember me implementation
3:13:19 Importance of access controls in preventing denial of service attacks
3:17:56 Prevent denial of service attacks by utilizing email-based password reset functionality
3:20:16 Handling multiple failed login attempts to prevent denial of service attacks
3:24:34 Understanding the nature of distributed denial of service attacks
3:26:42 DDOS attacks are volumetric and globally distributed
3:31:14 DDOS attacks using tool L and its impact on websites
3:33:23 DDoS attacks are easily executed using simple tools and can be highly impactful, often involving crowd-sourcing and utilizing botnets or cloud-based services.
3:38:34 DDOS attacks can target specific features of web applications to cause high overhead.
3:40:47 Understanding the impact of DDOS attacks on database queries
3:45:09 Identifying application behavior and information leakage
3:47:21 Improper error handling leading to SQL injection risk
3:51:46 Web application hashes and salts passwords for secure login process
3:53:50 Database leaked salts and shaan hashes can be cracked using software
3:58:21 Hashcat can compute hashes at incredibly high speeds
4:00:32 The importance of making password hashes slow
4:04:59 Unvalidated redirect and forward exploit the trust in a website's domain to serve malicious content.
4:07:09 Unvalidated redirects and forwards can lead to malicious actions.
4:11:38 Conducting a carefully crafted Google search exposes sensitive internal information on live production websites.
4:13:53 Rising importance of web services for connected devices
4:18:15 APIs behind rich client apps have unique security risks
4:20:16 Developers often neglect the ability to tamper with parameters, leading to incorrect assumptions about integrity.
4:24:35 Risks of depending on Internet services
@FemalesrunningParallelSessions 5 months ago
Blasting music after
@augustofilipe5553 5 months ago
Thank your lesson today I think learner very with your lesson.
@Gaurang-ly4rn 5 months ago
can anyone tell who is the creator of this course?
@CyberTechnicalknowledge 5 months ago
Our Team has created this course.
@magueritemichima6818 5 months ago
Good video, but the quality of the video isn't good. Thank you very much for the work
@CyberTechnicalknowledge 5 months ago
Ok, thanks
@saradhakannan 5 months ago
Do you have plan to add more videos in field of security?
@CyberTechnicalknowledge 5 months ago
Yes
@timmypatrick7555 5 months ago
If I was to pay for your help with hacking an account would that be possible..
@CyberTechnicalknowledge 5 months ago
Sorry I can't help you for hacking an account.
@RaksmeyKoung-h7j 5 months ago
Wow, really such a good channel. ❤🎉 Why is this channel not popular?
@patrickchan2503 5 months ago
this is good thanks but it doesn't talk much about evading honeypots...
@jeanoliveira9549 5 months ago
Amazing, I was browsing LinkedIn when I came across a vacancy that had tenable prerequisites, on KZbin I found the video, do you have LinkedIn?