Learn how to run the WebGoat test to look for exposed sensitive data in the HTML code.
- [Instructor] WebGoat provides a simple lesson in finding exposed data in the source HTML code for a web page. I'll start up WebGoat and connect to it on port 8080.
From the main WebGoat page, we can select the seventh menu item on the left, Code Quality, and then select Discover Clues in the HTML. Okay, let's take a look at this. We can right-click on the Login button and select Inspect Element. This will bring up a panel at the bottom with the login code. We can see we're on the line which will submit our fields. Let's scroll upwards.
Okay, here we can see a couple of comments which provide the admin credentials, the User ID of admin and Password of admin PW together with a comment that these can be used to regenerate the database. Let's close the Inspection pane and use these values, and we've successfully completed the lesson.
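From the defender's side, the exposure shown in this lesson can be caught before release by auditing served HTML for comments that mention credentials. The following is an added example, not part of the course or of WebGoat; the keyword list, the names `CommentAuditor` and `audit_html`, and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Keywords suggesting a comment carries credentials or operational notes.
# This list is an assumption for the example; tune it for your own code base.
SENSITIVE = re.compile(
    r"\b(pass(word|wd)?|pwd|user\s*id|username|login|admin|secret|api[_-]?key|token)\b",
    re.IGNORECASE,
)


class CommentAuditor(HTMLParser):
    """Collects every HTML comment with the line number where it starts."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        line, _col = self.getpos()  # position of the opening "<!--"
        self.comments.append((line, data.strip()))


def audit_html(html):
    """Return (line, comment text, matched keywords) for suspicious comments."""
    parser = CommentAuditor()
    parser.feed(html)
    parser.close()
    findings = []
    for line, text in parser.comments:
        hits = sorted({m.group(0).lower() for m in SENSITIVE.finditer(text)})
        if hits:
            findings.append((line, text, hits))
    return findings


# Constructed sample modelled on a login form; not WebGoat's actual markup.
SAMPLE_PAGE = """<html><body>
<!-- layout: two-column -->
<form method="post" action="/login">
  <!-- User ID: admin / Password: EXAMPLE-ONLY -->
  <!-- use these to regenerate the database -->
  <input name="Username"><input name="Password" type="password">
  <input type="submit" value="Login">
</form>
</body></html>"""

if __name__ == "__main__":
    for line, text, hits in audit_html(SAMPLE_PAGE):
        print(f"line {line}: {text!r} matched {hits}")
```

Running a check like this against rendered templates in CI flags the comment before it reaches production; stripping comments in the build step removes the class of problem entirely.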
Note: The topics in this course will prepare you for key objectives on the Certified Ethical Hacker exam. Find an overview of the certification and the exam handbook at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Dissecting HTTP/HTTPS protocol
- Working with WebSockets
- Understanding cookies
- Installing testing tools such as Hacme Casino and the Vega Scanner
- Running web application tests
- Practicing your skills
Skill Level Intermediate
1. Introduction to Web
2. Getting Ready to Test
3. Running Basic Web Application Tests
4. Advanced Web Application Tests
5. Practicing Your Skills