From the course: CompTIA PenTest (PT0-002) Cert Prep
Unlock this course with a free trial
Join today to access over 23,500 courses taught by industry experts.
Application exploits, part 1
From the course: CompTIA PenTest (PT0-002) Cert Prep
Application exploits, part 1
- Part of the planning process of any pen testing endeavor is to determine what your target is. Now, we've talked about targets being servers, or maybe they're networks, or maybe even users, but another class of targets is the application. Applications are great targets. And if you think about it, it makes a lot of sense to attack an application, especially if you're looking for denial of service or exfiltration of data, or maybe even destruction of data. Because applications, the way that they typically work is they allow users to interact with data sources. So especially if you want to grab a bunch of data, the application already knows where the data is. So if you could compromise an application, you don't have to dig down through the servers and get to the database, you just tell the application to do something it didn't mean to do. So there's different ways that we can attack applications. One of the coolest ways is through injection attacks. An injection attack is sending an…
Contents
-
-
-
-
-
-
-
OWASP Top 108m 40s
-
(Locked)
Application exploits, part 15m 34s
-
(Locked)
SQL injection demo8m 41s
-
(Locked)
Labtainers lab: SQL injection2m 38s
-
(Locked)
Application exploits, part 28m 2s
-
(Locked)
Application exploits, part 39m 11s
-
(Locked)
Cross-site scripting demo7m
-
(Locked)
Labtainers lab: Cross-site scripting1m 36s
-
(Locked)
Labtainers lab: Cross-site request forgery1m 14s
-
(Locked)
Code vulnerabilities16m 36s
-
(Locked)
API attacks and attack resources6m 28s
-
(Locked)
Privilege escalation: Linux9m 37s
-
(Locked)
Privilege escalation: Windows6m 9s
-
(Locked)
Miscellaneous privilege escalation7m 54s
-
(Locked)
Miscellaneous local host vulnerabilities8m 5s
-
-
-
-
-
-
-
-