Web App Hacking
Web applications, or web apps, are a website's interface to the Internet. Many are poorly designed, which can make taking control of a site or defacing it relatively easy. Popular Content Management Systems (CMS) such as WordPress, Drupal and Joomla have repeatedly been shown to be bug-riddled, and even when the core is patched, each of these CMSs carries a multitude of third-party plug-ins that are often poorly designed, so the attack surface remains.

In this series, we will first familiarize you with web technologies and terminology, then look at strategies for hacking web apps, then examine how to find vulnerabilities and, finally, how to exploit them.

The tutorials in this series include:

1. Web Application Technologies, Part 1
2. Web App Hacking Overview and Strategy for Beginners
3. Getting Started with OWASP-ZAP
4. Hacking Form Authentication with Burp Suite
5. Finding Vulnerable WordPress Sites
6. Finding Vulnerabilities in WordPress with wpscan
7. Enumerating Usernames and Passwords
8. Brute-forcing WordPress Sites Using XML-RPC
9. Creating a Backdoor to a Website with weevely
10. Cloning a Website with httrack
11. Cross-Site Scripting (XSS) Attacks
12. OS Command Injection
13. Directory or Path Traversal
14. Using dirb to Find Hidden Directories
15. Using Wikto to Find Web App Vulnerabilities
16. Using TIDOS for a Comprehensive Web App Vulnerability Assessment
17. Local File Inclusion (LFI) Attacks
18. Cross-Site Request Forgery (CSRF)
19. Burp Suite: Bypassing Weak Input Authentication
20. Burp Suite: Testing for Persistent XSS
21. Burp Suite: Remote File Inclusion (RFI)
22. Burp Suite: XML External Entity (XXE) Injection