Web App Hacking

Web applications, or web apps, are the interface between a website and the Internet. Many of them are so poorly designed that it is relatively easy to take control of or deface these sites. Many Content Management Systems (CMS) such as WordPress, Drupal, and Joomla are bug-riddled, and even when the core is patched, these CMSs have a multitude of plug-ins that are often poorly designed.

In this series, we will first familiarize you with Web Technologies and terminology, then look at strategies for hacking web apps, and then examine how to find vulnerabilities and how to exploit them.

The tutorials in this series include:

1. Web Application Technologies, Part 1

2. Web App Hacking Overview and Strategy for Beginners

3. Getting Started with OWASP-ZAP

4. Hacking Form Authentication with Burp Suite

5. Finding Vulnerable WordPress sites

6. Finding Vulnerabilities in WordPress with wpscan

7. Enumerating Usernames and Passwords in WordPress Sites

8. Bruteforce WordPress sites using the XMLRPC

9. Creating a Backdoor to a Website with weevely

10. Cloning a Website with httrack

11. Cross-Site Scripting (XSS) Attacks

12. OS Command Injection

13. Directory or Path Traversal

14. Using dirb to Find Hidden Directories

15. Using Wikto to Find Web App Vulnerabilities

16. Using TIDOS as a Comprehensive Web App Vulnerability Assessment

17. Local File Inclusion (LFI) Attack

18. Cross-Site Request Forgery (CSRF)

19. Burp Suite: Bypassing Weak Input Authentication

20. Burp Suite: Testing for Persistent XSS

21. Burp Suite: Remote File Inclusion (RFI)

22. Burp Suite: XXE