In this video, we’ll look at wrapping up the course.
- [Instructor] Hi, and welcome to the last video.…This is the final video of the course.…Congratulations on successfully reaching the finale.…In this video, we're going to wrap up the course,…propose further activities to put into practice…what you learned, and finally…provide some resources to keep on learning…and expanding your Python skills for penetration testing.…During this course, we learned about…web application security testing.…What is the methodology used by professionals when…reviewing the security of a website?…We learned how to interact with a web application using…Python and Requests Library.…
Once we learned the basics,…we moved on to focus on how to automate the main activities…of each of the methodology phases.…For Reconnaissance, we developed…a web crawler using Scrappy.…This tool allows us to recall recursively a website…and extract interesting information.…For the Mapping phase we created a brute forcing tool that…will help us identify resources in a web application.…Next, for the Vulnerability and Exploitation phase,…
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests