webpen.tar.gz

shodan_api

Wireshark

chrome

Burp

frog

proxychains

encoder

setoolkitChrome

chromeShark

juiceshop

BurpChrome

This course is intended for people interested in information security—particularly in the penetration testing of various websites—to identify the security flaws present in the majority of newly developed websites and how to fix them. 

You will learn web penetration testing techniques using the Kali Linux operating system. You will be introduced to Python programming, web server technology, network management, open source intelligence, cross-site scripting, SQL injection, authentication and authorization in systems, cross-site request forgery, social engineering attacks, and concepts in information security management. 

Your knowledge of the various web application vulnerabilities and attack methods will be enhanced after taking this course. You will get hands-on experience with many tools used in online penetration testing in cyber security.

Web Application Penetration Testing

## Overview

From the practice session, we have developed an understanding of the sort of damage CSRF attacks can cause. Thankfully, protecting web applications against CSRF is rather simple. Let's look at the various methods of mitigation.

## Anti-CSRF tokens

Each **anti-CSRF token** is a random, unique, and secret value with a short expiration time that's generated on the server and then shared with the client. User actions, such as form submissions, ask the client to include the correct anti-CSRF token in the request for a successful response. Without the token, the attacker can't really do anything.

If poor coding or design practices have been employed, a crafty adversary could probably remove the use of the token or its requirement altogether or even use the token of another compromised account. A very brief example would be a web application using anti-CSRF tokens with the `GET` method. The adversary could then clearly see the token and simply use it themselves.

# Overview

From the practice session, we have developed an understanding of the sort of damage CSRF attacks can cause. Thankfully, protecting web applications against CSRF is rather simple. Let's look at the various methods of mitigation.

# Anti-CSRF tokens

Each **anti-CSRF token** is a random, unique, and secret value with a short expiration time that's generated on the server and then shared with the client. User actions, such as form submissions, ask the client to include the correct anti-CSRF token in the request for a successful response. Without the token, the attacker can't really do anything.

If poor coding or design practices have been employed, a crafty adversary could probably remove the use of the token or its requirement altogether or even use the token of another compromised account. A very brief example would be a web application using anti-CSRF tokens with the `GET` method. The adversary could then clearly see the token and simply use it themselves.

Learn about the standard ways of mitigating CSRF attacks.

Introduction to the Course

Introduction to Linux

Introduction to Python

Web and Server Technology

Network Management and Analysis

Open-Source Intelligence

Cross-Site Scripting

SQL Injection

Authentication and Authorization

Cross-Site Request Forgery

Social Engineering Attacks

Broader Security Concepts

Wrapping Up

Mitigation of Cross-Site Request Forgery

Overview

Anti-CSRF tokens