https://www.tcm.rocks/KeeperDemo Keeper Security’s next-gen privileged access management solution delivers enterprise-grade password, secrets and privileged connection management in one unified platform. Request a demo on how you can protect your organization against cyber threats with zero-trust Enterprise Password Management (EPM). https://www.tcm.rocks/KeeperDemo
Check out the full Practical Bug Bounty course here: https://www.tcm.rocks/PracticalBugBounty
You can sign up for Intigriti's Program here: https://www.tcm.rocks/IntigritiSignUp
Labs for this video: https://drive.google.com/file/d/1RhCnYNBJ49hhJ5QTaFUVZG5EhT-DVlt4/view?usp=sharing
Sponsor a Video: https://www.tcm.rocks/Sponsors
Pentests & Security Consulting: https://tcm-sec.com
Get Trained: https://academy.tcm-sec.com
Get Certified: https://certifications.tcm-sec.com
Merch: https://merch.tcm-sec.com
0:00:00 - Intro
0:03:00 - Keeper Security Sponsorship
0:03:48 - Course Introduction
0:10:02 - Importance of Web App Security
0:16:26 - Web App Security Standards and Best Practices
0:29:57 - Bug Bounty Hunting vs Penetration Testing
0:40:16 - Phases of a Web App Pentest
0:57:36 - CryptoCat Introduction
0:59:19 - Understanding Scope, Ethics, Code of Conduct, etc.
1:13:29 - Common Scoping Mistakes
1:37:59 - Installing VMWare / VirtualBox
1:41:14 - Installing Linux
1:50:20 - Lab Installation
1:57:36 - Web Technologies
2:02:14 - HTTP & DNS
2:05:47 - Fingerprinting Web Technologies
2:18:00 - Directory Enumeration and Brute Forcing
2:38:07 - Subdomain Enumeration
2:55:43 - Burp Suite Overview
3:34:35 - Introduction to Authentication
3:36:11 - Brute-force Attacks
3:43:11 - Attacking MFA
3:48:38 - Authentication Challenge Walkthrough
3:58:38 - Intro to Authorization
3:59:48 - IDOR - Insecure Direct Object Reference
4:06:15 - Introduction to APIs
4:11:04 - Broken Access Control
4:19:33 - Testing with Autorize
4:27:02 - Introduction to LFI/RFI
4:28:39 - Local File Inclusion Attacks
4:32:59 - Remote File Inclusion Attacks
4:40:37 - File Inclusion Challenge Walkthrough
4:45:05 - Conclusion
Social Media
___________________________________________
Twitter: https://twitter.com/thecybermentor
Twitch: https://www.twitch.tv/thecybermentor
Instagram: https://instagram.com/thecybermentor
LinkedIn: https://www.linkedin.com/in/heathadams
TikTok: https://tiktok.com/@thecybermentor
Discord: https://discord.gg/tcm
Donate
___________________________________________
Like the channel? Please consider supporting me on Patreon:
https://www.patreon.com/thecybermentor
Support the stream (one-time): https://streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3: https://amzn.to/34XkIY2
Hacking: The Art of Exploitation: https://amzn.to/2VchDyL
The Web Application Hacker's Handbook: https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx
Linux Basics for Hackers: https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition: https://amzn.to/30gINu0
Violent Python: https://amzn.to/2QoGoJn
Black Hat Python: https://amzn.to/2V9GpQk
My Build:
LG 32GK850G-B 32" Gaming Monitor: https://amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1
EVGA 2080TI: https://amzn.to/30d2lj7
MSI Z390 Motherboard: https://amzn.to/30eu5TL
Intel 9700K: https://amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: https://amzn.to/2M638Zb
Razer Nommo Chroma Speakers: https://amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: https://amzn.to/2V7A0or
CORSAIR Pro RGB Gaming Mouse: https://amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: https://amzn.to/31MOgpu
My Recording Equipment:
Panasonic G85 4K Camera: https://amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: https://amzn.to/2LIRxAp
Aston Origin Microphone: https://amzn.to/2LFtNNE
Rode VideoMicro: https://amzn.to/309yLKH
Mackie PROFX8V2 Mixer: https://amzn.to/31HKOMB
Elgato Cam Link 4K: https://amzn.to/2QlicYx
Elgato Stream Deck: https://amzn.to/2OlchA5
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.