Description
You’ve found a XSS vulnerability….but now what?
Has a client ever wanted you to demonstrate the danger of a vulnerability you found for them?
If so, then you need to Learn Ethical Hacking with JavaScript! After this course, you will be able to exploit web security vulnerabilities by using a variety of skills and techniques centered on JavaScript.
After a quick review of some common web application flaws, we’ll jump right into using JavaScript as an offensive weapon against the application and clients.
Each topic is presented from the perspective of requiring the pentester to demonstrate how a vulnerability can be exploited and the potential impact of not taking corrective action. The course provides a balanced mix of theory, code, and live demonstrations of each exploit in action.
Learn to tamper with site content – altering the page, forms, links, and functionality. Then take it to the next level by abusing HTML forms to capture additional data on form submission, sending that data to a server you control.
See how to disclose the contents of user cookies, then quickly move to stealing the cookies and sending them to another server. Learn to steal credentials and abuse application authentication.
Further compromise users by capturing mouse interactions and implementing a custom key logger. Learn to abuse knowledge-based authentication schemes such as the secret question/answer approach for account resets.
Progress to more advanced techniques where you learn to chain together multiple attacks aimed at exploiting several application vulnerabilities simultaneously. Areas covered here include creating fraudulent forum posts, spear phishing campaigns, and using command injection to access a web server’s operating system.
And we’ll wrap the course up with some defensive techniques you can use to prevent the types of attacks we’ve been launching at web applications.