Mastering Directory Traversal - The Ultimate Hands-On Course

[AD-TEAM]

Mastering Directory Traversal - The Ultimate Hands-On Course
Published 9/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.01 GB | Duration: 1h 40m

How to Find, Exploit & Defend Against Directory Traversal Vulnerabilities. For Ethical Hackers, Developers & Pentesters.

What you'll learn

Learn how to find directory traversal vulnerabilities.

Learn how to exploit directory traversal vulnerabilities of varying difficulty levels.

Gain hands-on experience exploiting directory traversal vulnerabilities using Burp Suite Community and Professional editions.

Learn how to automate attacks in Python.

Learn secure coding practices to defend against directory traversal vulnerabilities.

Requirements

Basic knowledge of computers (i.e. how to use the internet).

Basic knowledge of web fundamentals (HTTP requests, methods, cookies, status codes, etc.).

Latest version of Kali Linux VM (free download).

PortSwigger Web Security Academy account to access the labs (free registration).

Basic knowledge of Python Scripting.

Description

Directory Traversal (or also known as file path traversal) is a vulnerability that allows an attacker to read arbitrary files on the server that is running the application. This includes files that contain credentials, system configuration and application code. In some cases, not only could you read arbitrary files, but you could also write to arbitrary files which usually leads to a full system compromise. Therefore, mastering the ability to identify and exploit directory traversal vulnerabilities has become an essential and foundational skill.In this course, we dive into the technical details behind directory traversal vulnerabilities, how to find these types of vulnerabilities from a black-box and white-box perspective and the different ways to exploit these types of vulnerabilities. We also cover prevention and mitigation techniques that you can use to prevent directory traversal vulnerabilities.This is not your average course that just teaches you the basics. It's the perfect mix of theory and practice! The course contains 6 hands-on labs of varying difficulty levels that teach you how to first manually exploit the vulnerability and then how to script/automate your exploit in Python. If you're a penetration tester, application security specialist, bug bounty hunter, software developer, ethical hacker, or just anyone interested in web application security, this course is for you!

Overview

Section 1: Introduction

Lecture 1 Course Introduction

Section 2: Getting help

Lecture 2 Answering your questions

Lecture 3 Udemy tips and tricks

Section 3: Directory Traversal - Technical Deep Dive

Lecture 4 Agenda

Lecture 5 What is Directory Traversal?

Lecture 6 How Do You Find Directory Traversal Vulnerabilities?

Lecture 7 How Do You Exploit Directory Traversal Vulnerabilities?

Lecture 8 How Do You Prevent Directory Traversal Vulnerabilities?

Lecture 9 Additional Resources

Section 4: Hands-On Directory Traversal Labs

Lecture 10 Lab #1 File path traversal, simple case

Lecture 11 Lab #2 File path traversal traversal sequences blocked with absolute path bypass

Lecture 12 Lab #3 File path traversal, traversal sequences stripped non-recursively

Lecture 13 Lab #4 File path traversal, traversal sequences stripped with superfluous URL-de

Lecture 14 Lab #5 File path traversal, validation of start of path

Lecture 15 Lab #6 File path traversal, validation of file extension with null byte bypass

Section 5: Bonus Lecture

Lecture 16 Bonus Lecture

Penetration testers that want to understand how to find and exploit directory traversal vulnerabilities.,Software developers that want to understand how to defend against directory traversal vulnerabilities.,Bug bounty hunters that want to understand how to find and exploit directory traversal vulnerabilities.,Individuals preparing for the Burp Suite Certified Practitioner (BSCP) exam.,Individuals preparing for the OSWE certification.

[To see links please register or login]

[To see links please register or login]

[To see links please register or login]