The most important security control in a web application is the authentication. Let’s learn password testing and the different approaches.
- View Offline
- [Instructor] Hi and welcome to Section 5 Password Testing.…In the previous section, we have learned how to write…a basic web application brute forcer…to help us with the resources discovery.…In this section, we're going to learn…different types of authentication methods…that a web application can use, and we're going to develop…our own web application password cracking tool with Python.…In this section, we're going to learn…how password attacks work.…The different methods of authentication.…And then we're going to start creating…our password cracker with Python.…
The different methods we're going to cover are…Basic authentication, Digest authentication,…and finally Form-based authentication.…Let's move onto the first video in this section.…How password attacks work.…In this video, we're going to take a look…at what is password cracking,…which is also known as password testing.…We will cover the different approaches we can take…when doing password cracking.…And finally, we're going to learn about password policies…
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests