This course focuses on Burp Suite. A free version is available for download. However, it does not provide the full functionality as the Pro does. A trial version is available for the paid edition. Both versions work with Linux, Mac and Windows as well.
This is not a web application hacking course! However, you will get to know various web attacks. The attacks will target a test environment based on OWASP WebGhoat vulnerable web application. The course is fully hands-on so that you can practice yourself everything while you learn.
What are the requirements?
- Understand how HTTP comunication works
- Basic knowledge of Web Applications vulnerabilities
What am I going to get from this course?
- Learn the most important features of the Burp Suite
- Hands-on exercises
- Do efficient manual web penetration testing
- Learn to use Burp to automate certain attacks
Who is the target audience?
- IT security engineers
- IT passionate and students
- Ethical Hackers and Penetration Testers
Senior Information Security Consultant
- I work in the Internet security team, focused on ethical hacking - deliberately and purposefully challenging the IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary.
- Scan and exploit for a wide variety of data center infrastructure and application vulnerabilities, following defined rules of engagement and attack scenarios (ethical hacking).
- Make recommendations on security weaknesses and report on activities and findings.
- Perform Internet penetration testing (black box / white box testing) and code reviews (manual and automated)
- Use testing tools as NetBIOS scanning, network pinging and testing, packet crafting and analyzing, port scanning for vulnerability assessment
- Perform analysis and testing to verify the strengths and weaknesses of Web Applications and Web Services (SML, SOAP, WSDL, UDDI, etc.)
- Perform analysis and testing to verify the strengths and weaknesses of a variety of operating systems, network devices, web applications, and security architectures
- Assist with the development of remediation services for identified findings
- Customize, operate, audit, and maintain security related tools and applications
- CEH, ECSA, CHFI from EC-Council
- Cisco CCNA, CCNA Security, Linux Essentials
- Various Custom Trainings
- CREST Registered Penetration Tester (CRT)
- CHFI (Computer Hacking Forensic Investigator)
- ISO 270001 Lead Auditor
- ECSA (EC-Council Security Analyst)
- CEH (Certified Ethical Hacker)
- CCNA and CCNA Security
- CCNP Routing and CCNP Switching
- Advanced Linux&InfoSEC
- VMWare vSphere Install, Configure, Manage
- Microsoft Certified Technology Specialist (MCTS/MCP 70-642): Microsoft Windows Server 2008 Network Infrastructure, etc.
StartGeneral Concept (4:23)
StartTarget Module (10:21)
StartProxy Module - Part 1 (11:48)
StartProxy Module - Part 2 (10:06)
StartSpider Module (6:34)
StartRepeater Module (9:17)
StartSequencer and Scanner Modules (12:10)
StartDecoder Module (9:09)
StartIntruder and Comparer Modules (14:20)
StartBApp Store (13:26)