Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 17: Common Network and Web Application Vulnerabilities
- Common network “low-hanging fruit” vulnerabilities, including:
  - Anonymous FTP access
  - Guest SMB shares
  - Default credentials across services like SSH, RDP, and databases such as MySQL, PostgreSQL, and Microsoft SQL Server
  - The risks of credential reuse across multiple systems
- Clear-text traffic risks, understanding how tools like Wireshark can reveal sensitive credentials when encryption is not enforced.
- Injection-based web attacks, including:
  - SQL Injection (SQLi), where unsanitized input manipulates backend database queries
  - OS Command Injection, where user input is executed directly by the underlying operating system
- File Inclusion vulnerabilities, distinguishing between:
  - Local File Inclusion (LFI)
  - Remote File Inclusion (RFI)
  - Common bypass techniques such as null byte injections and encoding tricks
- Cross-Site Scripting (XSS) categories:
  - Reflected XSS
  - Stored XSS
  - DOM-based XSS
- Authentication and session management flaws, including:
  - Username enumeration
  - Password spraying attacks
  - Improper reliance on cookies for authorization decisions
- Client-side validation weaknesses, demonstrating how browser-side controls can be bypassed using interception tools like Burp Suite to manipulate parameters, hidden fields, and perform parameter pollution.
- Additional misconfigurations and risks, such as:
  - Open redirects
  - Open mail relays
  - Logic flaws in applications, including online gaming systems
You can listen to and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy