webpen.tar.gz

shodan_api

Wireshark

chrome

Burp

frog

proxychains

encoder

setoolkitChrome

chromeShark

juiceshop

BurpChrome

This course is intended for people interested in information security—particularly in the penetration testing of various websites—to identify the security flaws present in the majority of newly developed websites and how to fix them. 

You will learn web penetration testing techniques using the Kali Linux operating system. You will be introduced to Python programming, web server technology, network management, open source intelligence, cross-site scripting, SQL injection, authentication and authorization in systems, cross-site request forgery, social engineering attacks, and concepts in information security management. 

Your knowledge of the various web application vulnerabilities and attack methods will be enhanced after taking this course. You will get hands-on experience with many tools used in online penetration testing in cyber security.

Web Application Penetration Testing

An attacker includes an image tag in a malicious email that points to a URL on the victim's bank's website. Which type of CSRF attack is described above? 

An attacker includes an image tag in a malicious email that points to a URL on the victim’s bank’s website. Which type of CSRF attack is described above?

Which way of preventing CSRF attacks involves the use of randomized characters for every session in a web application?

Which way of preventing CSRF attacks involves the use of randomized characters for every session in a web application?

1. The attacker must trick Bob into clicking the exploit URL.
2. Bob needs to have an active session with banking.com.
3. The attacker must also build an exploit URL.


1. The attacker must build an exploit URL.
2. Bob needs also to have an active session with banking.com.
3. The attacker must trick Bob into clicking the exploit URL.


1. The attacker must build an exploit URL.
2. The attacker must also trick Bob into clicking the exploit URL.
3. Bob needs to have an active session with banking.com.


1. Bob needs to have an active session with banking.com.
2. The attacker must build an exploit URL.
3. The attacker must also trick Bob into clicking the exploit URL.


An attacker wants to launch a CSRF attack on a user called Bob who has an account at banking.com. What process would the attacker would use to successfully launch this attack?

An attacker wants to launch a CSRF attack on a user called Bob who has an account at <a href="http://banking.com">banking.com</a>. What process would the attacker would use to successfully launch this attack?

An attacker wants to perform a CSRF attack. The relevant `GET` request is for changing a user's password. The request also requires the user's current password for a successful response. Will the attack be successful?

An attacker wants to perform a CSRF attack. The relevant <code>GET</code> request is for changing a user’s password. The request also requires the user’s current password for a successful response. Will the attack be successful?

**(True or False)** Anti-CSRF tokens only work well with `POST` requests.

(True or False) Anti-CSRF tokens only work well with <code>POST</code> requests.

Take a short quiz on what you learned in this chapter.

Introduction to the Course

Introduction to Linux

Introduction to Python

Web and Server Technology

Network Management and Analysis

Open-Source Intelligence

Cross-Site Scripting

SQL Injection

Authentication and Authorization

Cross-Site Request Forgery

Social Engineering Attacks

Broader Security Concepts

Wrapping Up

Quiz Yourself on Cross-Site Request Forgery