Web App Testing: Episode 4 - XXE, Input Validation, Broken Access Control, and More XSS

  • added 20. 08. 2024
  • Get my:
    25 hour Practical Ethical Hacking Course: www.udemy.com/...
    Windows Privilege Escalation for Beginners Course: www.udemy.com/...
    ❓Info❓
    ___________________________________________
    Need a Pentest?: tcm-sec.com
    Learn to Hack: academy.tcm-se...
    🔹The Cyber Mentor Merch🔹
    ___________________________________________
    teespring.com/...
    📱Social Media📱
    ___________________________________________
    Website: thecybermentor...
    Twitter: / thecybermentor
    Twitch: / thecybermentor
    Discord: tcm-sec.com/di...
    LinkedIn: / heathadams
    💸Donate💸
    ___________________________________________
    Like the channel? Please consider supporting me on Patreon:
    / thecybermentor
    Support the stream (one-time): streamlabs.com...
    Hacker Books:
    Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
    The Hacker Playbook 3: amzn.to/34XkIY2
    Hacking: The Art of Exploitation: amzn.to/2VchDyL
    The Web Application Hacker's Handbook: amzn.to/30Fj21S
    Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
    Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
    Linux Basics for Hackers: amzn.to/34WvcXP
    Python Crash Course, 2nd Edition: amzn.to/30gINu0
    Violent Python: amzn.to/2QoGoJn
    Black Hat Python: amzn.to/2V9GpQk
    My Build:
    LG 32GK850G-B 32" Gaming Monitor: amzn.to/30C0qzV
    darkFlash Phantom Black ATX Mid-Tower Case: amzn.to/30d1UW1
    EVGA 2080TI: amzn.to/30d2lj7
    MSI Z390 MotherBoard: amzn.to/30eu5TL
    Intel 9700K: amzn.to/2M7hM2p
    G.SKILL 32GB DDR4 RAM: amzn.to/2M638Zb
    Razer Nommo Chroma Speakers: amzn.to/30bWjiK
    Razer BlackWidow Chroma Keyboard: amzn.to/2V7A0or
    CORSAIR Pro RGB Gaming Mouse: amzn.to/30hvg4P
    Sennheiser RS 175 RF Wireless Headphones: amzn.to/31MOgpu
    My Recording Equipment:
    Panasonic G85 4K Camera: amzn.to/2Mk9vsf
    Logitech C922x Pro Webcam: amzn.to/2LIRxAp
    Aston Origin Microphone: amzn.to/2LFtNNE
    Rode VideoMicro: amzn.to/309yLKH
    Mackie PROFX8V2 Mixer: amzn.to/31HKOMB
    Elgato Cam Link 4K: amzn.to/2QlicYx
    Elgato Stream Deck: amzn.to/2OlchA5
    *We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

Comments • 41

  • @TCMSecurityAcademy · 3 years ago · +4

    I hope you enjoyed this video! If so, please consider dropping a like and subscribing.

  • @bxareed9101 · 5 years ago · +9

    Best cyber security teacher, with a motivating "humour" too!

  • @lemnyuykloves5685 · 10 months ago · +1

    Man, these courses have helped me with topics I have had difficulty with for so long. I really appreciate you for this.

  • @khanhinhan7783 · 7 months ago

    I have been following your tutorials all along from basic pentest, priv esc and now web testing. They are very informative and help me a lot! Thank you, Sir!

  • @howtodothings7529 · 5 years ago · +4

    Bro, keep doing what you're doing. We share a similar journey... I'm also a vet (served in the Parachute Regiment), but left a few years ago to pursue a career in pen testing... (also a dog dad haha). And out of any other YouTuber, you've actually motivated me to create my own YouTube channel. But mainly to help reinforce my own education :)
    Keep it up brother!

    • @TCMSecurityAcademy · 5 years ago · +2

      Awesome man! I look forward to seeing the content you put out :). We certainly need more content developers!

    • @howtodothings7529 · 5 years ago

      @TCMSecurityAcademy Thanks bro :) I'm going to write out a plan of what I plan to roll out. I've done a few videos that aren't really that technical, but just created and uploaded them for practice in creating SOMETHING. Haha :)

  • @karthibalaji3817 · 5 years ago · +3

    Congrats on 30k subs, you are doing a great job! Keep it up. You deserve more, buddy!

  • @blaqsense8073 · 5 years ago · +3

    I download all your vids and then practice them on my own.... Thanks a lot....

  • @JohnSmith-my5hb · 4 years ago · +2

    48:54 XXE explained.

  • @cyber-glitch5314 · 4 years ago · +1

    Very good content. I'm behind with the lessons, but it doesn't matter, still learning... all day every day... good job. Wish you the best.

  • @cyberfreak2268 · 5 years ago · +3

    Man, don't you ever get tired! All for the community💛 Awesome!

  • @isuruzranasinghe · 5 years ago · +1

    The chief himself ❤❤

  • @yeasirarafat4261 · 5 years ago · +5

    What the heck was in the review section! LMAO

  • @tayfun6378 · 5 years ago · +3

    32:59 on-air accident :D

  • @rusirumunasinghe7354 · 5 years ago · +1

    Was waiting for this! Thanks Heath!

  • @user-ek9ez7ho6f · 5 years ago · +3

    LOVE YOU, MAKE MORE VIDS!

  • @razmjumehdi9069 · 5 years ago · +1

    That's great like always :)

  • @superman9300 · 4 years ago

    Again - awesome video

  • @RozzClips · 3 years ago

    you're the best!

  • @hardwork3196 · 5 years ago · +1

    love your videos :)

  • @losttapes2145 · 5 years ago · +1

    You are the real mentor. I have a question here: is installing Kali Linux directly on a laptop as the main OS recommended? Is it unsafe? What about dual booting with an OS like Windows? Is that also unsafe?

    • @ZikzakHD · 5 years ago · +2

      Before asking this question, search for it on the internet, because it's a really frequent question...

    • @ferdinandomirabella1861 · 5 years ago

      Virtualization or a live USB is what I recommend... it's up to you...

  • @travisstanfield6627 · 4 years ago

    On the input validation portion regarding the price of items, how do you normally submit that for bug bounties? I have found this a few times over the years, and each customer said completing the altered payment was illegal, but since I didn't prove it was actually true, I was not eligible for the bounty, and they then proceeded to fix the issue. Of course this is mostly low-hanging fruit, but I feel this is a loophole so they do not have to pay.

  • @Cygnus0lor · 4 years ago

    Hey have you worked with SAML Raider by chance? Just wanted a reliable source to learn all its bits and pieces.
    Thanks for the video by the way.

  • @ericcute6471 · 5 years ago · +1

    Thanks so much sir

    • @ericcute6471 · 5 years ago

      By the way, I emailed you sir. You might want to consider it. Spread your legacy to us.

  • @linnegilbert8458 · 5 years ago · +1

    I'M A QA AND WOULD LIKE TO DO pen TESTING... helP!!!!!!

  • @yoshi5113 · 4 years ago

    Anyone here having problems installing juice-shop in a local Linux environment? I have installed npm and node.js, but it still does not work when I install juice-shop. Does anyone have the same problem as me? Please help, thanks a lot.

  • @Musiclyrics-vj5br · 5 years ago

    😢 Don't forget the noobs, still waiting for the 7th video

    • @Jack-gx8xn · 5 years ago

      Well, I have the same fear for this playlist. I hope he will complete the web application penetration testing playlist.

    • @TCMSecurityAcademy · 5 years ago · +3

      When have I ever not completed a playlist?

    • @Musiclyrics-vj5br · 5 years ago

      @TCMSecurityAcademy I was just afraid 😁 This series is vital for me. I noticed there were several consecutive webapptest videos and I thought maybe you were tired of teaching stupid easy stuff🤓

    • @Jack-gx8xn · 5 years ago

      @TCMSecurityAcademy Ah, you are right :')