Web Security Professional
Elevate your web security expertise with Web Security Professional. This comprehensive course explores advanced subjects such as authentication attacks, mastering Cross-Site Scripting (XSS) techniques, Server-Side Request Forgery (SSRF), XML External Entity (XXE) injection, and much more.
Semicolon Academy
What you'll learn
- Gain a profound insight into the intricacies of web architecture.
- Master the usage of Burp Suite to uncover and exploit security weaknesses effectively.
- Identify and exploit authentication vulnerabilities to gain unauthorized access to webapps.
- Exploit web vulnerabilities such as logical vulnerabilities, IDOR, CSRF, XSS, injections, and more.
- Exploit vulnerabilities such as XSS, LFI/RFI, SSRF, XXE injection, CVEs, and file upload vulnerabilities.
Course Syllabus
Chapter 1: Understanding The Web Architecture
- Download Link (Resources)
- What is Server?
- Server - Demo
- What is DNS?
- DNS - Demo
- Simple Web Application Architecture
- HTTP REQUEST / RESPONSE
- Web 2.0 | Frontend
- Web 2.0 | Frontend - Demo
- Web 2.0 | Backend
- Web 2.0 | Backend - Demo
- Cookies and Sessions
- Web 2.0 | Backend | Cookie - Demo
- Web 2.0 | Database
- Web 2.0 | Database - Demo
- Modern Web App Architecture | MPA
- Hosting Your First Web APP
- Web Application Logging
- SPA & Demo
- How Does The Backend Receive Data?
- WEB API | RESTful & Demo
- WEB API | GraphQL & Demo
- WEB API | API Key & Demo
- Web Socket
- Web Server In a Network
- Load Balancer
- Web Caching
- Content Delivery Networks (CDNs)
- Web Application Firewall
- Am I a Pro Web Developer Now?
Chapter 2: Mastering Burp Suite Techniques
- Recap | Web App Basics
- Recap | Live Demo
- Proxy Tool
- Burp Suite | Getting Started
- Burp Suite Overview
- HTTP History
- Web Socket
- Web Socket LAB
- Filter | Settings Mode by Annotations
- Filter | Settings Mode by MimeType & File Extensions
- Filter | Settings Mode by Search Term
- Filter | Settings Mode by Status Code
- Filter | Bambda mode
- Target Site Scope
- Target Site Scope | Import Settings
- Target Site Map
- Target Site Map | Practical
- Target Site Map Filtering
- Configuring Burp Suite With Browsers
- Proxy Listeners
- Intercepting HTTP and HTTPS traffic
- SSL/TLS Pinning
- Burp Certificate With Firefox
- Warning
- Burp Certificate With Chrome
- Foxy Proxy
- Foxy Proxy | Practical
- Intercept Requests | Theoretical
- Intercept Requests | Practical
- Intercept Responses | Theoretical
- Intercept Responses | Practical
- Intercept Rules
- Repeater
- Repeater Manage Tabs
- Match and Replace | Theoretical
- Match and Replace | Practical
- Match and Replace Program Policy
- Decoder | Theoretical
- Decoder | Practical
- Decoder | Inspector
- Intruder | Theoretical
- Intruder | Practical
- Intruder | Sniper
- Intruder | Sniper | Practical
- Intruder | Battering Ram
- Intruder | Battering Ram | Practical
- Intruder | Pitchfork
- Intruder | Pitchfork | Practical
- Intruder | Cluster Bomb
- Intruder | Cluster Bomb | Practical
- Comparer
- BApp Store
- Logger++
- Troubleshooting
- Should I Buy Burp Pro Now?
- Ending
Majd Dhainy
Cybersecurity researcher with a strong background in software engineering, specializing in securing web services, enhancing APIs, and addressing issues from requirements to deployment. Acknowledged for uncovering global vulnerabilities and listed in the bug bounty Halls of Fame of Meta, Google, Revolut, LinkedIn, Medium, Trivago, and more.
Kassem Bazzoun
A security researcher with over 10 years of experience, Kassem has discovered more than 100 security vulnerabilities in global companies, including Meta, where they have been on the whitehat list since 2015. Kassem has been featured as a guest on major global media outlets such as Al Arabiya and Sky News.