Watch trailer
Course at a glance
Included in these subscriptions:
- Dev & IT Pro Video
- Dev & IT Pro Power Pack
| Release date | 3/17/2016 | |
| Level | Intermediate | |
| Runtime | 1h 41m | |
| Closed captioning | N/A | |
| Transcript | N/A | |
| eBooks / courseware | N/A | |
| Hands-on labs | N/A | |
| Sample code | N/A | |
| Exams | Included |
Course description
Given their centrality in operations of most businesses, Websites represent tempting and low-hanging fruit for hackers. Experienced systems architect, software engineer and cybersecurity expert Rafiq Wayani reveals how both session hacking and the hacking of entire web servers have become all too commonplace. Wayani discusses the latest detection tools, counter measures and penetration testing you will need to thwart these attacks. This course is part of a series covering EC-Council's Certified Ethical Hacker (CEH).
Prerequisites
To get the most out of this course, this course assumes that you have a good working knowledge of Linux and Windows based networking environments. It also assumes that you have experience with managing a network, have worked with networking hardware such as switches & routers, are familiar with MS Active Directory (AD) Domain based authentication, know how to work with command-line utilities, and understand the basics of Web Server environments.
Many of the demonstrations in this course use the Windows 7 and Kali Linux operating systems which can be downloaded free from the respective sites. All of the demonstrations are created in a virtual environment using Oracle VirtualBox and VMware vSphere 6.
Learning Paths
This course will help you prepare for the following certification and exam:
Certified Ethical Hacker
312-50: Certified Ethical Hacker
Meet the expert
Rafiq Wayani has extensive experience including more than 20 years in IT as Systems Architect, Software Engineer, DBA, and Project Manager. Wayani has instructed in a variety of technical areas, has designed and implemented network and information systems, and is certified across a wide range of platforms and systems including Microsoft Solutions Developer, Systems Engineer, Application Developer, Database Administrator, Trainer; Novell Netware Administrator and Engineer; Master Certified Netware Engineer; and A Certified.
Course outline
Session Hijacking
Session Hijacking Concepts (05:26)
- Introduction (00:22)
- Session Hijacking (00:46)
- Session Hijacking Diagram (02:33)
- Session Hijacking Cont. (01:26)
- Summary (00:18)
App Level Session Hijacking (06:43)
- Introduction (00:28)
- Application Level Hijacking (04:13)
- Web Services (01:49)
- Summary (00:12)
Network Level Hijacking (05:41)
- Introduction (00:21)
- Network Level Hijacking (02:29)
- Models (02:43)
- Summary (00:08)
Session Hijacking Tools (07:06)
- Introduction (00:19)
- Network Level Hijacking (00:28)
- Demo: Session Hijacking Tools (06:03)
- Summary (00:14)
Session Hijack Countermeasures (08:00)
- Introduction (00:33)
- Session Hijack Countermeasures (04:34)
- Countermeasures Cont. (02:38)
- Summary (00:13)
Session Hijack Pentest (07:01)
- Introduction (00:21)
- Session Hijack Pentest (03:57)
- Session Hijack Pentest Cont. (02:28)
- Summary (00:14)
Web Server Attacks
Web Server Concepts (05:55)
- Introduction (00:16)
- What's Happening (01:39)
- HTTP Request Processing in IIS (03:45)
- Summary (00:14)
Web Server Attacks (07:16)
- Introduction (00:15)
- Web Server Attacks (03:13)
- Demo: Netsparker (03:34)
- Summary (00:12)
Web Server Attack Methodology (08:20)
- Introduction (00:23)
- Web Server Attack Methodology (00:42)
- Demo: Netsparker (00:32)
- Web Server Attack Methodology (00:58)
- Demo: WinHTTrack (05:34)
- Summary (00:10)
Web Server Attack Tools (09:27)
- Introduction (00:19)
- Web Server Attack Tools (01:19)
- Demo: Passivetotal (02:22)
- Demo: HTTPRecon (05:15)
- Summary (00:11)
Web Server Countermeasures (10:47)
- Introduction (00:17)
- Web Server Countermeasures (00:40)
- 18-Year-Old Vulernerability (01:04)
- Server O/S (01:25)
- Demo: End-of-Life Support (02:41)
- Web Server Countermeasures (00:06)
- Demo: Locking Down Servers (02:06)
- Web Server Countermeasures (02:13)
- Summary (00:11)
Web Server Patch Management (04:20)
- Introduction (00:21)
- Web Server Patch Management (02:11)
- Patch Management Cont. (01:31)
- Summary (00:15)
Web Server Security Tools (09:50)
- Introduction (00:17)
- Web Server Security Tools (05:02)
- Demo: Cache (04:22)
- Summary (00:08)
Web Server Penetration Testing (05:34)
- Introduction (00:19)
- Web Server Penetration Testing (00:56)
- Demo: Pen Test Tools (03:02)
- Web Server Pen Testing (01:01)
- Summary (00:15)