1
00:00:00,630 --> 00:00:07,140
Web application penetration testing. Before we can start talking about that, we need to understand what
2
00:00:07,140 --> 00:00:15,000
is a website, and just like I said before, a website is just an application installed on a computer. The
3
00:00:15,060 --> 00:00:18,650
computer probably just has better specs than your computer.
4
00:00:18,750 --> 00:00:21,040
But it fundamentally works.
5
00:00:21,060 --> 00:00:21,870
Exactly.
6
00:00:21,870 --> 00:00:28,710
Just like another computer so it has an operating system and it also has a number of applications to
7
00:00:28,710 --> 00:00:31,190
allow it to act as a web server.
8
00:00:31,440 --> 00:00:39,390
So the main two applications that it probably has is a web server and a database. A web server is like
9
00:00:39,390 --> 00:00:43,010
Apache and the database is like MySQL.
10
00:00:43,530 --> 00:00:48,860
And these are the web server basically understands and executes the web application.
11
00:00:48,870 --> 00:00:54,540
So your web application will be written in PHP or Python or any programming language really, the only thing
12
00:00:54,540 --> 00:01:00,360
is that the web server needs to be able to understand and execute this application.
13
00:01:00,390 --> 00:01:05,340
The database contains the data used by the web application.
14
00:01:05,340 --> 00:01:08,540
So all of this is stored on a computer called the server.
15
00:01:08,730 --> 00:01:12,870
The computer is connected to the Internet and it has a real IP address.
16
00:01:12,900 --> 00:01:16,730
So anybody can access that computer and can get.
17
00:01:16,930 --> 00:01:25,830
So the Web the web application is executed by the web server which is installed by what is installed
18
00:01:25,860 --> 00:01:27,770
on your server on your target.
19
00:01:27,790 --> 00:01:35,310
Therefore any time you request the page or you run the web application it's actually executed on the
20
00:01:35,310 --> 00:01:38,990
web server and it's not executed at the client's computer.
21
00:01:39,180 --> 00:01:46,380
It gets executed on the web server and then it sends an HTML page which is ready to read for the
22
00:01:46,590 --> 00:01:54,240
target person or for the client. So let's have a look at an example, and let's say you're on the phone
23
00:01:54,240 --> 00:01:59,450
or on your computer and you want to go to Facebook dot com. So you type in Facebook dot com into your
24
00:01:59,450 --> 00:02:01,140
your app.
25
00:02:01,230 --> 00:02:07,510
This will be translated using a DNS server to an IP address.
26
00:02:07,740 --> 00:02:15,540
So there is a server that translates every name dot com dot you or any web site with a name with a domain
27
00:02:15,540 --> 00:02:15,770
name.
28
00:02:15,770 --> 00:02:20,180
So this is the domain name to its relevant IP address.
29
00:02:20,220 --> 00:02:23,850
So you request Facebook dot com, the request goes to a DNS server.
30
00:02:24,030 --> 00:02:28,790
It translates Facebook to the IP where Facebook is stored.
31
00:02:28,980 --> 00:02:36,880
And then you go to go to Facebook to the IP address of Facebook it will execute the page that you wanted.
32
00:02:37,020 --> 00:02:42,160
Using all of the applications that we spoke about and then just give you radiation out.
33
00:02:42,390 --> 00:02:47,670
So what you get back is just a markup written in HTML, which is a markup language, all of the
34
00:02:47,670 --> 00:02:53,790
result of executing the program so the program gets executed on the server and then you just only get
35
00:02:53,790 --> 00:02:55,050
the result.
36
00:02:55,050 --> 00:03:00,420
This is very important because in the future if we wanted to get anything executed on the web server
37
00:03:00,420 --> 00:03:06,660
if we wanted to get a shell or a virtual or a virus execute on the target computer then we need to send
38
00:03:06,660 --> 00:03:09,420
it in a language that the web server understands.
39
00:03:09,420 --> 00:03:11,000
So for example we.
40
00:03:11,280 --> 00:03:17,240
And once you executed there it will be executed on that computer not on your computer.
41
00:03:17,430 --> 00:03:23,670
So regardless of the person the artist is the page the this the web shell that you're going to send if
42
00:03:23,670 --> 00:03:29,040
it's written in PHP, in a language that the server understands, it's going to be executed on the server
43
00:03:29,160 --> 00:03:34,740
and not on your computer therefore it will give you access to the server and not access to the person
44
00:03:34,890 --> 00:03:36,570
who accessed that server
45
00:03:39,820 --> 00:03:40,420
JavaScript.
46
00:03:40,420 --> 00:03:46,490
On the other hand, some websites use JavaScript, and JavaScript is a client-side language.
47
00:03:46,600 --> 00:03:54,010
So if you managed to find a website that allows you to run JavaScript code then the code will be executed
48
00:03:54,220 --> 00:03:55,290
by the clients.
49
00:03:55,300 --> 00:04:00,580
So even though the code might be injected into the web server it will be executed on the client side
50
00:04:00,760 --> 00:04:07,420
and it'll give you it'll allow you to do things to the client computer and not to the server.
51
00:04:07,750 --> 00:04:13,020
So it's very important to separate between a client-side and a server-side language.