Web Application Penetration Testing
Weak Cryptography
Web Application Penetration Testing,
Weak cryptography can lead to very severe consequences. In this course, Web Application Penetration Testing: Weak Cryptography, you will learn how to test for weak cryptography in modern web applications. First, you will learn about HTTPS enforcement and insecure cookie processing. You will see that users’ credentials can be disclosed over insecure channel when HTTPS enforcement is not implemented in the web application. You will also see a demonstration in which a cookie with sensitive data can be disclosed over insecure channel, even if secure HTTPS is enforced in the web application. Next, you will explore Transport Layer Protection, Heartbleed vulnerability, and mixed content vulnerability. You will see how to check if Transport Layer Protection is configured securely in your web application, and how the attacker can read sensitive data from the memory of the web server as a result of Heartbleed vulnerability (which is one of the most famous vulnerabilities in crypto libraries). You will also see what dangers can happen when there is mixed content vulnerability in your web application. Finally, you will discover session randomness analysis, insecure password storage, and Sub-resource Integrity Protection. You will see how you can analyze the randomness of session IDs in your web application with Burp Suite Sequencer. You will learn why you should store a hash of the password (instead of the password in plaintext) and how it can solve your problems with insecure password storage. You will also learn how Subresource Integrity can be used to protect the integrity of scripts and style sheets in your web applications. By the end of this course, you will know how severe consequences can happen as a result of weak cryptography and you will also know how to test for weak cryptography in modern web applications.
Get a Reminder
Rating | Not enough ratings |
---|---|
Length | 0.8 hours |
Starts | On Demand (Start anytime) |
Cost | $35/month (Access to entire library- free trial available) |
From | Pluralsight |
Instructor | Dawid Czagan |
Download Videos | On Windows, MacOS, iOS, and Android Pluralsight app |
Language | English |
Subjects | IT & Networking |
Tags | Security Professional |
Get a Reminder
Similar Courses
Careers
An overview of related careers and their average salaries in the US. Bars indicate income percentile.
Web Application Engineer 4 $65k
Web Application Coordinator $73k
Web Application Programmer 3 4 $83k
C# .Net Web Application Developer $85k
Web Application Designer, IT $86k
Web Application testing $87k
R&D - Web Application Developer $91k
Web Application Integrator $97k
IT Web/Application Developer $98k
Windows and Web Application Developer $112k
Web Application Programmer 3 $113k
Application and Web Developer Consultant $122k
Write a review
Your opinion matters. Tell us what you think.
Please login to leave a review
Rating | Not enough ratings |
---|---|
Length | 0.8 hours |
Starts | On Demand (Start anytime) |
Cost | $35/month (Access to entire library- free trial available) |
From | Pluralsight |
Instructor | Dawid Czagan |
Download Videos | On Windows, MacOS, iOS, and Android Pluralsight app |
Language | English |
Subjects | IT & Networking |
Tags | Security Professional |
Similar Courses
Sorted by relevance
Like this course?
Here's what to do next:
- Save this course for later
- Get more details from the course provider
- Enroll in this course