Checklist

Certification

You will get a certificate on completing this course.

University

This course is not affiliated with any university.

Price

This course costs very little.

Edvicer's Rewards

You can get a cashback of ₹ 100 on buying this course.

Hack Yourself First: How to go on the Cyber-Offense

1425/month
Start anytime
Self paced
English
Course by Pluralsight
Certificate awarded
Intermediate
Why should you choose this course?

Description

"Hack Yourself First" is all about developers building up cyber-offense skills and proactively seeking out security vulnerabilities in their own websites before an attacker does.

Syllabus

About the course
Why hack yourself first
Introducing a vulnerable website – Supercar Showdown
Using Chrome's developer tools
Monitoring and composing requests with Fiddler
Modifying requests and responses in Fiddler

Introduction
The three objectives of transport layer protection
Understanding a man in the middle attack
Protecting sensitive data in transit
The risk of sending cookies over insecure connections
How loading login forms over HTTP is risky
Exploiting mixed-mode content
The HSTS header
Summary

Introduction
Understanding untrusted data and sanitisation
Establishing input sanitisation practices
Understanding XSS and output encoding
Identifying the use of output encoding
Delivering a payload via reflected XSS
Testing for the risk of persistent XSS
The X-XSS-Protection header
Summary

Introduction
Cookies 101
Understanding HttpOnly cookies
Understanding secure cookies
Restricting cookie access by path
Reducing risk with cookie expiration
Using session cookies to further reduce risk
Summary

Introduction
How an attacker builds a website risk profile
Server response header disclosure
Locating at-risk websites
HTTP fingerprinting of servers
Disclosure via robots.txt
The risks in HTML source
Internal error message leakage
Lack of access controls on diagnostic data
Summary

Introduction
Identifying untrusted data in HTTP request parameters
Capturing requests and manipulating parameters
Manipulating application logic via parameters
Testing for missing server side validation
Understanding model binding
Executing a mass assignment attack
HTTP verb tampering
Fuzz testing
Summary

Outline
Understanding SQL injection
Testing for injection risks
Discovering database structure via injection
Harvesting data via injection
Automating attacks with Havij
Blind SQL injection
Secure app patterns
Summary

Introduction
Understanding cross site attacks
Testing for a cross site request forgery risk
The role of anti-forgery tokens
Testing cross site request forgery against APIs
Mounting a clickjacking attack
Summary

Introduction
Understanding password strength and attack vectors
Limiting characters in passwords
Emailing credentials on account creation
Account enumeration
Denial of service via password reset
Correctly securing the reset processes
Establishing insecure password storage
Testing for risks in the 'remember me' feature
Re-authenticating before key actions
Testing for authentication brute force
Summary
