1
00:00:00,000 --> 00:00:04,440
Hi everyone, welcome to the first video of my channel.
2
00:00:04,440 --> 00:00:08,240
I'm very excited to finally be sharing the series with you, so I'm going to jump right
3
00:00:08,240 --> 00:00:14,920
ahead and talk about the type of videos that you'll be seeing in the next upcoming months.
4
00:00:14,920 --> 00:00:19,600
So the series is going to be called the Web Security Academy series, and that's because
5
00:00:19,600 --> 00:00:25,680
we'll be using the Web Security Academy platform that is developed by PortSwigger.
6
00:00:25,680 --> 00:00:29,360
For those of you that have never heard of the Web Security Academy, it's essentially
7
00:00:29,360 --> 00:00:33,480
a free online training platform for web application security.
8
00:00:33,480 --> 00:00:40,000
Again, it was developed by the PortSwigger research team, and one of the authors is actually
9
00:00:40,000 --> 00:00:46,040
the author of the Web Application Hacker's Handbook, which is considered to be the Bible
10
00:00:46,040 --> 00:00:48,160
of Web Application Security.
11
00:00:48,160 --> 00:00:52,800
This is the book that I personally read and studied from when I first got started in this
12
00:00:52,800 --> 00:00:56,320
field, and I'm a huge fan of it.
13
00:00:56,320 --> 00:01:00,080
The book hasn't been updated since about 2011.
14
00:01:00,080 --> 00:01:06,080
The fundamentals are still the same, and I always recommend it to anyone that asks me
15
00:01:06,080 --> 00:01:08,760
how to get started in this field.
16
00:01:08,760 --> 00:01:14,760
That being said, I do recognize that we are in a constantly evolving field with new vulnerabilities
17
00:01:14,760 --> 00:01:20,360
and attack vectors coming out every day, and so I've always recommended this book with
18
00:01:20,360 --> 00:01:24,880
additional outside resources that tackled modern web technologies.
19
00:01:25,880 --> 00:01:31,040
However, when I heard that the author of the book had started a Web Security Academy,
20
00:01:31,040 --> 00:01:35,280
I obviously immediately signed up and just like I'm a huge fan of the book, I'm also
21
00:01:35,280 --> 00:01:42,360
a huge fan of the Academy, and so now whenever anyone asks me, I recommend the Web Application
22
00:01:42,360 --> 00:01:49,200
Hacker's Handbook for the fundamentals and the Web Security Academy for hands-on experience.
23
00:01:49,640 --> 00:01:55,560
Now, before we continue, it's worth mentioning that I'm not in any way affiliated to
24
00:01:55,560 --> 00:01:56,560
PortSwigger.
25
00:01:56,560 --> 00:02:00,640
This is just me sharing a platform that I think is very useful to the community.
26
00:02:00,640 --> 00:02:06,640
All right, let's go to their website and look at the type of training that they provide.
27
00:02:06,640 --> 00:02:12,080
So to access the Academy, visit portswigger.net slash Web Security.
28
00:02:12,080 --> 00:02:15,800
You'll be presented with this page over here where you could sign up in order to access
29
00:02:15,800 --> 00:02:17,600
the labs.
30
00:02:17,600 --> 00:02:18,920
We're not going to do that.
31
00:02:18,920 --> 00:02:25,920
Instead, we're going to go down and click on View All Learning Materials.
32
00:02:25,920 --> 00:02:31,800
This presents you with the page that lists all the topics that the Academy covers.
33
00:02:31,800 --> 00:02:37,720
We're going to go down one more time and click on Web Security Academy.
34
00:02:37,720 --> 00:02:45,400
Okay, so most people don't know that the Academy has a learning path, so this is essentially
35
00:02:45,520 --> 00:02:50,840
the suggested learning path by PortSwigger for anyone that is either new to Web Security
36
00:02:50,840 --> 00:02:54,640
or doesn't know which topic to begin with.
37
00:02:54,640 --> 00:02:57,400
And it's a path that we'll be following in our videos.
38
00:02:57,400 --> 00:03:04,120
It's divided into three sections, so server-side topics, client-side topics, and advanced topics.
39
00:03:04,120 --> 00:03:10,720
For the server-side topics, it covers the vulnerabilities that affect the backend of
40
00:03:10,720 --> 00:03:12,400
the application.
41
00:03:12,400 --> 00:03:19,400
Examples include SQL injection, command injection, SSRF, server-side request forgery, and so
42
00:03:19,520 --> 00:03:21,320
on.
43
00:03:21,320 --> 00:03:27,320
For the second section, client-side topics, that covers the vulnerabilities that affect
44
00:03:27,320 --> 00:03:30,760
the front end of the application.
45
00:03:30,760 --> 00:03:36,960
So a common example is cross-site scripting, clickjacking, vulnerabilities that affect
46
00:03:36,960 --> 00:03:37,880
WebSockets.
47
00:03:37,880 --> 00:03:45,280
So this is not common, but definitely an interesting class of vulnerabilities to look into.
48
00:03:45,280 --> 00:03:50,280
And then you've got the advanced topics, so topics that require vulnerabilities that require
49
00:03:50,280 --> 00:03:54,040
a deeper understanding of the material.
50
00:03:54,040 --> 00:04:00,480
And examples include insecure deserialization, server-side template injection.
51
00:04:00,480 --> 00:04:06,000
So this is definitely relevant to modern technologies, and same goes with this one, OAuth
52
00:04:06,120 --> 00:04:07,560
authentication, and so on.
53
00:04:07,560 --> 00:04:14,560
And you'll see each topic has a bunch of labs associated to it.
54
00:04:14,560 --> 00:04:20,880
So the nice thing that I like about the Academy is the fact that it can be easily updated.
55
00:04:20,880 --> 00:04:27,400
So unlike the book, which hasn't been updated since 2011, you'll see that the Academy is
56
00:04:27,400 --> 00:04:30,600
constantly updated by the PortSwigger team.
57
00:04:30,600 --> 00:04:37,360
So you'll see them add new labs to existing topics or new topics as a whole.
58
00:04:37,360 --> 00:04:41,360
And the vulnerabilities that they cover in the Academy are realistic vulnerabilities that
59
00:04:41,360 --> 00:04:43,360
are found in the wild.
60
00:04:43,360 --> 00:04:49,720
All right, let's go back to the slides and talk about how the videos complement the Web
61
00:04:49,720 --> 00:04:53,080
Security Academy.
62
00:04:53,080 --> 00:04:58,760
So my vision for the videos is that if you follow the, if you watch the videos, you do
63
00:04:58,840 --> 00:05:02,360
the exercises in the Academy, and you have the book as a reference.
64
00:05:02,360 --> 00:05:06,920
So you read the book, then you would be up to an intermediate level of knowledge in terms
65
00:05:06,920 --> 00:05:11,360
of your web application pentesting skills.
66
00:05:11,360 --> 00:05:16,160
So to get to an advanced level, you obviously need years of real-world experience.
67
00:05:16,160 --> 00:05:21,240
However, if you have these three resources, if you follow these three resources, then
68
00:05:21,240 --> 00:05:26,880
you should be above a beginner level, about an intermediate level in terms of your knowledge.
69
00:05:26,920 --> 00:05:34,920
So the videos will essentially just complement the Academy and the book.
70
00:05:34,920 --> 00:05:40,560
We'll be following the same learning path that PortSwigger recommended.
71
00:05:40,560 --> 00:05:44,240
And so we'll start off with the SQL injection module.
72
00:05:44,240 --> 00:05:50,720
For each module, we'll have two types of videos, theory videos and lab videos.
73
00:05:50,720 --> 00:05:58,400
For the theory videos, we'll cover the background knowledge that is required in order to do
74
00:05:58,400 --> 00:06:01,280
the hands-on exercises.
75
00:06:01,280 --> 00:06:07,080
So we'll cover the technical details of the vulnerability, how to detect it, so how to
76
00:06:07,080 --> 00:06:11,160
find it, how to exploit it, and then how to prevent it.
77
00:06:11,160 --> 00:06:16,000
The pictures that you see on the slides over here are from the SQL injection theory video
78
00:06:16,000 --> 00:06:18,160
that is coming out next week.
79
00:06:18,160 --> 00:06:20,560
And that's something that I forgot to mention earlier.
80
00:06:20,560 --> 00:06:25,360
Videos are scheduled to come out on a weekly basis.
81
00:06:25,360 --> 00:06:29,640
Now for the theory, videos will go more in depth than the Academy in terms of technical
82
00:06:29,640 --> 00:06:36,440
details and it will be more in line with the Web Application Hacker's Handbook.
83
00:06:36,440 --> 00:06:43,800
Okay, now once you have the background knowledge, we'll jump into the lab exercises.
84
00:06:43,800 --> 00:06:50,480
Each lab has a dedicated video where we exploit the vulnerability manually first and then we
85
00:06:50,480 --> 00:06:52,720
script it.
86
00:06:52,720 --> 00:06:56,280
That's something that I'm really focusing on in the labs.
87
00:06:56,280 --> 00:07:01,320
I believe that to be an effective pen tester, you do need to know at least one scripting
88
00:07:01,320 --> 00:07:02,820
language.
89
00:07:02,820 --> 00:07:07,880
And you'll see a lot of debate about this online, but the reality is during your pen testing
90
00:07:07,880 --> 00:07:12,920
career, you will come across situations where it's very unrealistic that you can exploit
91
00:07:13,000 --> 00:07:15,880
a vulnerability using only manual means.
92
00:07:15,880 --> 00:07:21,720
And a classic example of that that we'll see in the videos and in the labs is Boolean-based
93
00:07:21,720 --> 00:07:28,400
blind SQL injection where you're stuck asking the application true or false questions.
94
00:07:28,400 --> 00:07:34,800
And if you want to properly exploit that vulnerability and extract, for example, password hashes or
95
00:07:34,800 --> 00:07:41,520
reset tokens, you need to send hundreds if not thousands of requests to the application.
96
00:07:41,520 --> 00:07:45,120
So if you don't know how to script it, all you would have to show to the client is the
97
00:07:45,120 --> 00:07:48,960
fact that there is a blind SQL injection vulnerability because that's easy.
98
00:07:48,960 --> 00:07:50,760
That can be done with one request.
99
00:07:50,760 --> 00:07:57,880
However, you can't really show the detrimental effect of exploiting that vulnerability.
100
00:07:57,880 --> 00:08:03,240
So that's why in each lab, we will script the exploit regardless of how trivial it is.
101
00:08:03,240 --> 00:08:08,080
And our programming language of choice is going to be Python 3.
102
00:08:08,080 --> 00:08:11,840
All right.
103
00:08:11,840 --> 00:08:13,480
That's how the videos will be structured.
104
00:08:13,480 --> 00:08:20,200
Now let's discuss the type of individuals that will find the videos useful.
105
00:08:20,200 --> 00:08:26,040
The first obvious answer is individuals that are trying to get into the web application
106
00:08:26,040 --> 00:08:27,440
pen testing field.
107
00:08:27,440 --> 00:08:31,000
Again, I've mentioned this earlier and I'll mention it over here.
108
00:08:31,000 --> 00:08:35,920
If anyone asks me how to get into this field, I always recommend the Web Application Hacker's
109
00:08:35,920 --> 00:08:42,280
Handbook for the fundamentals and the Web Security Academy for hands-on experience.
110
00:08:42,280 --> 00:08:46,520
And these videos will just complement those two resources.
111
00:08:46,520 --> 00:08:49,720
Up next, we've got the web developers.
112
00:08:49,720 --> 00:08:54,040
So the idea is that we develop secure applications from the get-go.
113
00:08:54,040 --> 00:09:00,720
And so learning how web app pen testers test applications that could be very useful to web
114
00:09:00,720 --> 00:09:06,720
app developers when they're developing their applications.
115
00:09:06,720 --> 00:09:08,720
And then we have the bug bounty hunter.
116
00:09:08,720 --> 00:09:13,080
So I personally don't do bug bounty, but I do follow a bunch of people that have experience
117
00:09:13,080 --> 00:09:14,080
in that field.
118
00:09:14,080 --> 00:09:18,320
And I read the write-ups when their bugs get published.
119
00:09:18,320 --> 00:09:24,200
And I can say for sure that the Academy covers realistic vulnerabilities that are found in
120
00:09:24,200 --> 00:09:27,080
the wild.
121
00:09:27,080 --> 00:09:32,880
Up next, we've got the individuals who want to enroll in the OSWE.
122
00:09:32,880 --> 00:09:36,880
So the Offensive Security Web Expert certification.
123
00:09:36,880 --> 00:09:38,840
This might be the majority of you.
124
00:09:38,840 --> 00:09:44,360
So this is a white-box web application pen testing certification offered by Offensive
125
00:09:44,360 --> 00:09:45,520
Security.
126
00:09:45,520 --> 00:09:52,440
I'm currently working through the certification and I always get questions and get asked the
127
00:09:52,440 --> 00:09:57,960
type of knowledge that people need before they enroll in the certification.
128
00:09:57,960 --> 00:09:59,800
So how to prepare for the cert.
129
00:09:59,800 --> 00:10:04,520
And I always mention it, and I'll mention it again over here, is that this certification
130
00:10:04,520 --> 00:10:07,920
is definitely not an entry-level certification.
131
00:10:07,920 --> 00:10:11,480
And it's not advertised as an entry-level certification.
132
00:10:11,480 --> 00:10:18,280
So having gone through the material myself, you definitely need a year's worth of experience
133
00:10:18,280 --> 00:10:24,120
in web app pen testing, whether that's through your profession or through bug bounty hunting
134
00:10:24,120 --> 00:10:26,640
or through resources like this.
135
00:10:26,640 --> 00:10:30,920
But you definitely need at least a year's worth of experience before you enroll in the
136
00:10:30,920 --> 00:10:31,920
cert.
137
00:10:31,920 --> 00:10:39,160
I'll have a separate video discussing my experience with the OSWE certification, but for now,
138
00:10:39,160 --> 00:10:43,640
if you're looking to enroll in the cert sometime in the future, then a great resource would
139
00:10:43,640 --> 00:10:49,280
be to first enroll in the Web Security Academy and start learning about all the different
140
00:10:49,280 --> 00:10:54,280
types of vulnerabilities that could potentially exist in applications.
141
00:10:54,280 --> 00:10:57,840
Now another thing that we do in the video that would be very useful for the certification
142
00:10:57,840 --> 00:11:00,600
is the fact that we script all of our exploits.
143
00:11:00,600 --> 00:11:05,480
So in the certification, you're going to have to chain a bunch of vulnerabilities to first
144
00:11:05,480 --> 00:11:11,200
bypass authentication and then to eventually gain remote code execution.
145
00:11:11,200 --> 00:11:16,880
And that chain of vulnerabilities needs to be scripted in one script so that when you
146
00:11:16,880 --> 00:11:19,960
run the script, it automatically does all that for you.
147
00:11:19,960 --> 00:11:22,600
And that's what we do in the videos.
148
00:11:22,600 --> 00:11:26,840
So if you gain a little bit of experience in that before you enroll in the cert, it's
149
00:11:26,840 --> 00:11:34,040
definitely going to come in handy when you are working in the OSWE labs.
150
00:11:34,040 --> 00:11:39,920
Okay, last but not least, I'm being a little bit ambitious with this last one, but everyone
151
00:11:39,920 --> 00:11:40,920
else.
152
00:11:41,640 --> 00:11:46,400
Anyone that is interested in this field, I'm sure you'll find something in these videos
153
00:11:46,400 --> 00:11:48,560
useful.
154
00:11:48,560 --> 00:11:52,720
And that wraps up the security academy series intro.