You’ll learn about web application mapping, what it is, and how to do it.
- [Christian] Hi, and welcome to Section 3.…In the previous section, we learned how to interact…with a web application programmatically,…using Python, and requests library.…In this section, we will learn about…web application mapping, then,…we're going to build our first crawler with Scrapy.…And finally, we're going to make it recursive,…and make it extract interesting information…about the web application.…Now, we move on to the first video of this section,…that covers, what is Web Application Mapping?…In this video, we will learn about…what application mapping is, why it is important,…and finally, we'll see an example of how Burp Suite…creates the map of an application.…
Remember in Section 1,…we learned about the penetration testing process.…In that process, the second phase was mapping.…In the mapping phase, we need to build a map, or catalog,…of the application resources, and functionalities.…As a security tester, we aim to identify…all the components and entry points in the app.…The main components that we are interested in,…
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests