We need to extract information from the web application that will be useful for our security testing.
- [Instructor] In the previous video, we learned how to make our crawler recursive. In this video, we're going to take a look at how to extract other interesting information that will be useful for our security analysis, like emails, forms, and comments. We have added recursive capabilities to our crawler. Now, we're ready to add more features. In this case, we're going to add some extraction capabilities for emails, because it's always useful to have valid accounts, which could be handy during our tests.
Forms will be useful to know where there is information being submitted from the browser to the application. Comments could provide interesting information, which developers may have left in production without realizing. There is more stuff that you can obtain from web applications, but these are usually the most useful. First, let's add these fields into our item. Open the file items.py in Atom, and add email equals scrapy.Field, form equals scrapy.Field, comment equals scrapy.Field, PDF equals scrapy.Field,…
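The extraction described in the transcript, as an added example that is not the course's own code: it uses the standard library's `html.parser` instead of Scrapy selectors, and fills the same `email`, `form` and `comment` fields from one response body. The class and function names and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample page (not taken from the course's test application).
SAMPLE_HTML = """<!-- TODO: remove debug login before release -->
<p>Contact admin@example.test or <a href="mailto:support@example.test">support</a></p>
<form action="/login" method="post">
<input type="text" name="user"><input type="password" name="pass"></form>
<form action="/search"><input name="q"></form>"""

class PageExtractor(HTMLParser):
    """Collects emails, forms and HTML comments from one page (hypothetical helper)."""
    def __init__(self):
        super().__init__()
        self.emails, self.forms, self.comments = set(), [], []
        self._form = None  # form currently open, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for value in attrs.values():  # attribute values, e.g. mailto: links
            self.emails.update(EMAIL_RE.findall(value or ""))
        if tag == "form":
            # A form without a method attribute submits with GET.
            self._form = {"action": attrs.get("action") or "",
                          "method": (attrs.get("method") or "get").lower(),
                          "inputs": []}
            self.forms.append(self._form)
        elif tag in ("input", "textarea", "select") and self._form is not None:
            self._form["inputs"].append(attrs.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

    def handle_data(self, data):  # visible text between tags
        self.emails.update(EMAIL_RE.findall(data))

    def handle_comment(self, data):  # <!-- ... --> left in the markup
        self.comments.append(data.strip())

def extract(html):
    # Returns a dict keyed like the item fields named in the transcript.
    parser = PageExtractor()
    parser.feed(html)
    parser.close()
    return {"email": sorted(parser.emails), "form": parser.forms,
            "comment": parser.comments}
```

In a Scrapy spider the same dict would be built from `response.text` inside the parse callback and yielded as the item.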
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next, he shows how to interact with web applications using Python, HTTP, and the Requests library. Then he follows the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests