1
00:00:00,790 --> 00:00:04,400
So finally, we're going to get into the actual hacking part.

2
00:00:05,050 --> 00:00:06,190
I know you're impatient.

3
00:00:06,280 --> 00:00:07,250
No, I'm just kidding.

4
00:00:07,270 --> 00:00:10,120
I know you're eager and that's a good thing.

5
00:00:11,360 --> 00:00:21,770
So you've got the idea of the web and web applications and the interconnectivity and all that, the specifications

6
00:00:21,770 --> 00:00:25,900
and how all the standards work and what they actually mean to us.

7
00:00:27,200 --> 00:00:34,220
So now it's time to start practicing real hacking in the lab now, following a methodology like the

8
00:00:34,220 --> 00:00:37,010
OWASP testing guide is really useful.

9
00:00:37,820 --> 00:00:44,090
And for the most part in these guides, you will see testing procedures that are divided into different

10
00:00:44,090 --> 00:00:48,230
stages, such as reconnaissance, exploitation and reporting.

11
00:00:49,190 --> 00:00:55,970
So here when I was creating the course, I pretty much did the same and divided the web penetration testing

12
00:00:55,970 --> 00:00:58,400
procedures into seven different stages.

13
00:00:58,820 --> 00:01:01,280
And these are mostly accepted in the field.

14
00:01:02,500 --> 00:01:04,430
You can start from wherever you want to.

15
00:01:04,450 --> 00:01:11,290
I don't want to force you, but to me, I really do advise you to follow along sequentially every part

16
00:01:11,290 --> 00:01:13,900
and then perform all of the different steps.

17
00:01:15,230 --> 00:01:21,530
Because you have to remember, your aim is to identify as many bugs as you can as a penetration

18
00:01:21,530 --> 00:01:21,710
tester.

19
00:01:22,590 --> 00:01:29,870
So that way you can cover every aspect of the application, no stone unturned, so to speak.

20
00:01:31,260 --> 00:01:37,500
So let's get started with information gathering, reconnaissance and discovery.

21
00:01:38,410 --> 00:01:45,290
So information gathering or reconnaissance or discovery, it all means the same thing to us.

22
00:01:46,150 --> 00:01:49,900
It's to me the crucial stage of testing.

23
00:01:50,470 --> 00:01:53,410
So allow me to identify this phase like this.

24
00:01:53,830 --> 00:01:59,410
It's a phase in which we will extract information regarding the target that we're attempting to hack.

25
00:01:59,800 --> 00:02:06,670
And then this information can be anything directly or indirectly about the target application or the

26
00:02:06,670 --> 00:02:07,210
customer.

27
00:02:07,690 --> 00:02:12,270
Remember the video about attack surfaces when doing a web app pentest?

28
00:02:12,280 --> 00:02:17,110
We need to explore all the possibilities of breaking into the web application.

29
00:02:18,090 --> 00:02:24,870
That's why we need to know about the application, database, server as well as the users, so the more

30
00:02:24,870 --> 00:02:30,720
information we gather about the target, the more options we will have while we're testing.

31
00:02:31,630 --> 00:02:34,660
Now, to be more specific, this phase includes:

32
00:02:35,520 --> 00:02:43,170
Identifying the IP addresses, subdomains and related information, accumulating information about the

33
00:02:43,170 --> 00:02:51,180
target website from publicly available resources such as Google, Bing, Yahoo, Archive, Big and Shodan.

34
00:02:52,030 --> 00:02:59,440
Identifying people related to the target with the help of social networking sites such as Facebook or

35
00:02:59,440 --> 00:03:07,000
Twitter, spidering the web application and creating site maps to understand the flow of the application.

36
00:03:08,250 --> 00:03:12,930
You really should consider any information gathered at this stage important.

37
00:03:14,280 --> 00:03:20,910
Because even a small bit of information that looks like it could be nothing may help you exploit in

38
00:03:20,910 --> 00:03:28,170
the later stages of the test. The success of the penetration test depends on the quality of the information

39
00:03:28,170 --> 00:03:31,310
gathered in this stage.

