CompTIA PenTest+: Cloud-Based & Web Application Attacks

CompTIA PenTest+    |    Intermediate
  • 18 videos | 1h 52m 31s
  • Includes Assessment
  • Earns a Badge
Rating 4.7 of 9 users Rating 4.7 of 9 users (9)
Cloud-based and web application attacks are significant cybersecurity concerns in today's digital landscape. In this course, you'll learn how to perform web application and cloud-based attacks using a range of tools. First, you'll explore common web application attacks including brute force, collision, dictionary traversal, session hijacking, file inclusions, API abuse, and JSON Web Token (JWT) manipulation attacks. Then, you'll discover common tools used to perform application testing exercises like Zed, Postman, and sqlmap. Finally, you'll explore cloud-based attack types such as resource misconfiguration, public access to services, and container escape, while discovering the appropriate tools to perform cloud-based attacks such as Kube-hunter, ScoutSuite, and Prowler. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.

WHAT YOU WILL LEARN

  • Discover the key concepts covered in this course
    Outline web application attacks including brute force, collision, and json web token (jwt) manipulation attacks
    Explore source code using trufflehog
    Demonstrate how to use burp suite to attack web apps
    Perform zed attack proxy (zap) setup
    Use postman to perform api testing and vulnerability exploration
    Use sqlmap to exploit sql injection
    Use dirbuster to perform web app penetration testing and compare with gobuster
    Use wfuzz to perform web content discovery
  • Use wpscan to identify wordpress vulnerabilities
    Outline cloud-based attacks such as resource misconfiguration, container escape, and trust relationship abuse attacks
    Use pacu to perform an aws attack and post exploitation
    Use docker bench script to check and ensure container best practices are followed
    Use the kube-hunter open source tool to explore security weaknesses
    Use prowler to conduct a cloud security assessment
    Use scoutsuite to perform aws security assessments and identify security vulnerabilities
    Use known cloud-native vendor tools to perform cloud-based attacks
    Summarize the key concepts covered in this course

IN THIS COURSE

  • 1m 6s
    In this video, you will discover the key concepts covered in this course. FREE ACCESS
  • 7m 32s
    In this video, find out how to outline web application attacks including brute force, collision, and JSON Web Token (JWT) manipulation attacks. FREE ACCESS
  • Locked
    3.  Performing Web Application Attacks Using TruffleHog
    6m 12s
    After completing this video, you will be able to explore source code using TruffleHog. FREE ACCESS
  • Locked
    4.  Attacking Web Apps with Burp Suite
    7m 21s
    Upon completion of this video, you will be able to demonstrate how to use Burp Suite to attack web apps. FREE ACCESS
  • Locked
    5.  Setting up Zed Attack Proxy (ZAP)
    6m 23s
    In this video, find out how to perform Zed attack proxy (ZAP) setup. FREE ACCESS
  • Locked
    6.  Performing API Testing Using Postman
    7m 16s
    Learn how to use Postman to perform API testing and vulnerability exploration. FREE ACCESS
  • Locked
    7.  Exploiting SQL Injection Using sqlmap
    7m 47s
    Find out how to use sqlmap to exploit SQL injection. FREE ACCESS
  • Locked
    8.  Web App Penetration Testing Using DirBuster
    7m 3s
    In this video, you will learn how to use DirBuster to perform web app penetration testing and compare with Gobuster. FREE ACCESS
  • Locked
    9.  Performing Web Content Discovery Using Wfuzz
    7m 24s
    In this video, learn how to use Wfuzz to perform web content discovery. FREE ACCESS
  • Locked
    10.  Identifying WordPress Vulnerabilities Using WPScan
    7m 31s
    During this video, discover how to use WPScan to identify WordPress vulnerabilities. FREE ACCESS
  • Locked
    11.  Cloud-Based Attack Types
    8m 1s
    In this video, find out how to outline cloud-based attacks such as resource misconfiguration, container escape, and trust relationship abuse attacks. FREE ACCESS
  • Locked
    12.  Performing an AWS Attack Using Pacu
    6m 20s
    Upon completion of this video, you will be able to use Pacu to perform an AWS attack and post exploitation. FREE ACCESS
  • Locked
    13.  Using Docker Bench to Check for Best Practices
    6m 21s
    In this video, find out how to use Docker Bench script to check and ensure container best practices are followed. FREE ACCESS
  • Locked
    14.  Exploring Security Weaknesses Using Kube-hunter
    6m 26s
    Learn how to use the Kube-hunter open source tool to explore security weaknesses. FREE ACCESS
  • Locked
    15.  Conducting Cloud Security Assessments Using Prowler
    5m 40s
    In this video, find out how to use Prowler to conduct a cloud security assessment. FREE ACCESS
  • Locked
    16.  Performing AWS Security Assessments Using ScoutSuite
    6m 50s
    During this video, discover how to use ScoutSuite to perform AWS security assessments and identify security vulnerabilities. FREE ACCESS
  • Locked
    17.  Cloud Attacks Using Cloud-native Vendor Tools
    6m 36s
    Discover how to use known cloud-native vendor tools to perform cloud-based attacks. FREE ACCESS
  • Locked
    18.  Course Summary
    41s
    In this video, we will summarize the key concepts covered in this course. FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

YOU MIGHT ALSO LIKE

Course CompTIA PenTest+: Establishing & Maintaining Persistence
Rating 4.2 of 10 users Rating 4.2 of 10 users (10)
Course CompTIA PenTest+: Prioritize & Prepare for Attacks
Rating 4.8 of 4 users Rating 4.8 of 4 users (4)
Course CompTIA PenTest+: Reconnaissance & Enumeration
Rating 5.0 of 3 users Rating 5.0 of 3 users (3)