Auditing Strategies
Explore effective auditing strategies in web application penetration testing. Learn to apply automated techniques like static, dynamic, and interactive application security testing combined with manual methods to identify vulnerabilities such as XSS. Understand how to use tools like Burp Suite to enhance security assessments while balancing accuracy and performance.
Overview
As already established, sniffing out vulnerabilities is an essential skill for a pentester. Finding XSS vulnerabilities requires both manual testing and scans with powerful automated tools, such as Burp Suite.
The process begins with automated tools, which quickly spot basic XSS vulnerabilities. Manual testing then follows to catch more advanced XSS attack vectors. For manual testing, all forms, fields, and editable URLs are noted, the related source code (if available or unobfuscated) is analyzed, and then special ...