WEBVTT 0:00:03.740000 --> 0:00:07.200000 Web application security testing. 0:00:07.200000 --> 0:00:12.100000 Now that we've gotten an understanding as to what web applications are, 0:00:12.100000 --> 0:00:16.800000 what web application security is all about, we can turn our attention 0:00:16.800000 --> 0:00:21.240000 to the process of web application security testing. 0:00:21.240000 --> 0:00:24.780000 And more than that, I'm going to be clarifying the difference between 0:00:24.780000 --> 0:00:30.420000 web application security testing and web application penetration testing. 0:00:30.420000 --> 0:00:33.280000 Now as I said, you don't need to worry as to whether we'll be covering 0:00:33.280000 --> 0:00:35.160000 one or the other. 0:00:35.160000 --> 0:00:38.740000 It'll become clear that we will be covering both. 0:00:38.740000 --> 0:00:43.540000 The reason we actually call this course web application security testing 0:00:43.540000 --> 0:00:49.440000 and why we'll refer to this particular term throughout this learning path 0:00:49.440000 --> 0:00:54.540000 in some of the other courses is primarily because web application security 0:00:54.540000 --> 0:01:00.600000 testing is sort of an all-encompassing term that is used to describe pretty 0:01:00.600000 --> 0:01:02.200000 much the same thing. 0:01:02.200000 --> 0:01:04.360000 However, the differences should be understood. 0:01:04.360000 --> 0:01:07.860000 And when I speak of the differences, I'm referring to the differences 0:01:07.860000 --> 0:01:12.220000 between web app security testing and web app pen testing. 0:01:12.220000 --> 0:01:17.920000 So again, without making your way too long, let's get started by getting 0:01:17.920000 --> 0:01:22.640000 an introduction as to what web application security testing is. 0:01:22.640000 --> 0:01:27.720000 So we already know what web application security is, but what is the testing 0:01:27.720000 --> 0:01:32.780000 bit all about? 
Well, web application security testing is the process of 0:01:32.780000 --> 0:01:39.300000 evaluating or assessing the security aspects of web applications in order 0:01:39.300000 --> 0:01:43.740000 to identify vulnerabilities, weaknesses and potential risks. 0:01:43.740000 --> 0:01:50.220000 So this process, the process of web app security testing, comes from the 0:01:50.220000 --> 0:01:53.800000 need and importance of web application security. 0:01:53.800000 --> 0:01:57.700000 So it's brought about by those particular reasons. 0:01:57.700000 --> 0:02:01.560000 If you refer to the previous video, we went through them in quite a lot 0:02:01.560000 --> 0:02:06.460000 of depth. So it essentially involves conducting various tests and assessments 0:02:06.460000 --> 0:02:12.420000 to ensure that web applications are resistant to security threats and 0:02:12.420000 --> 0:02:17.640000 can effectively protect sensitive data and functionalities from unauthorized 0:02:17.640000 --> 0:02:20.900000 access or malicious activity. 0:02:20.900000 --> 0:02:24.540000 All right, so what we're doing here with web application security testing 0:02:24.540000 --> 0:02:29.760000 is just as you would with a pen test, you know that you need to secure 0:02:29.760000 --> 0:02:34.120000 your organization from threats or vulnerabilities and attackers and all 0:02:34.120000 --> 0:02:39.320000 of that, you know, that entire collection of bad things or risks, as we 0:02:39.320000 --> 0:02:41.940000 would call them in cybersecurity. 0:02:41.940000 --> 0:02:45.860000 And the way you're going to do this or the approach that web application 0:02:45.860000 --> 0:02:52.260000 security testing leverages or utilizes is by taking a proactive approach 0:02:52.260000 --> 0:02:57.380000 in that you are testing your web application with regards to the various 0:02:57.380000 --> 0:03:03.160000 security concerns that we highlighted in the previous video. 
0:03:03.160000 --> 0:03:08.360000 We are testing our web application in order to identify those vulnerabilities 0:03:08.360000 --> 0:03:14.240000 or misconfigurations so that they can be patched or fixed before an attacker 0:03:14.240000 --> 0:03:15.580000 can exploit them. 0:03:15.580000 --> 0:03:19.220000 So you're taking a very proactive approach to security here. 0:03:19.220000 --> 0:03:24.260000 Now, the primary goal of web application security testing is to uncover 0:03:24.260000 --> 0:03:28.320000 security flaws before they exploited by attackers, as I just said. 0:03:28.320000 --> 0:03:33.720000 And by identifying and addressing vulnerabilities, organizations can enhance 0:03:33.720000 --> 0:03:38.580000 the overall security posture of their web applications, reduce the risk 0:03:38.580000 --> 0:03:43.800000 of data breaches and unauthorized access, and protect their users and 0:03:43.800000 --> 0:03:46.180000 their sensitive information. 0:03:46.180000 --> 0:03:52.560000 And again, just to meander or to wander off slightly, this is why a lot 0:03:52.560000 --> 0:03:57.560000 of organizations and companies have started their own bug bounty programs, 0:03:57.560000 --> 0:04:04.380000 not because they don't have their own in-house talent to actually go ahead 0:04:04.380000 --> 0:04:08.580000 and assess these vulnerabilities or to go ahead and assess their web applications, 0:04:08.580000 --> 0:04:13.280000 but because of the importance of web application security testing, they 0:04:13.280000 --> 0:04:18.480000 aren't, mostly, commonly, aren't enough hands in-house within the organization 0:04:18.480000 --> 0:04:22.360000 to perform web application security testing efficiently. 
0:04:22.360000 --> 0:04:27.880000 As a result, bug bounty hunting or bug bounty programs allow organizations 0:04:27.880000 --> 0:04:35.360000 to increase their dragnet of talent in terms of getting other professionals, 0:04:35.360000 --> 0:04:38.940000 bug bounty hunters, web app testers, whatever you want to call them, to 0:04:38.940000 --> 0:04:43.720000 go ahead and perform the security testing from them, and the advantages 0:04:43.720000 --> 0:04:47.060000 that they get are twofold primarily. 0:04:47.060000 --> 0:04:53.000000 Number one, they have a wider amount of people performing tests on their 0:04:53.000000 --> 0:04:55.240000 web application, legally, of course. 0:04:55.240000 --> 0:04:58.840000 Those individuals are incentivized because they either get rewards or 0:04:58.840000 --> 0:05:03.440000 they get a straight payment for discovering a potential vulnerability 0:05:03.440000 --> 0:05:09.820000 or a vulnerability, and then verifying the efficacy of the exploitation 0:05:09.820000 --> 0:05:13.000000 of the vulnerability by providing a proof of concept. 0:05:13.000000 --> 0:05:19.460000 And secondly, in terms of why this is so important, bug bounty programs 0:05:19.460000 --> 0:05:24.800000 have proven to be very useful and actually helpful to organizations in 0:05:24.800000 --> 0:05:30.320000 addressing or identifying some very common low-hanging fruit in terms 0:05:30.320000 --> 0:05:34.300000 of vulnerabilities that were typically exploited by attackers and were 0:05:34.300000 --> 0:05:39.300000 very easy to essentially miss out on if you are performing your security 0:05:39.300000 --> 0:05:41.000000 tests internally. 
0:05:41.000000 --> 0:05:45.780000 Now, by no means am I downplaying the need for you or your organization 0:05:45.780000 --> 0:05:50.080000 and the developers that work within the organization to perform your own 0:05:50.080000 --> 0:05:55.260000 security testing, but the important thing to note is that the process 0:05:55.260000 --> 0:05:59.840000 of web application security testing remains paramount regardless of what 0:05:59.840000 --> 0:06:01.380000 approach you take. 0:06:01.380000 --> 0:06:06.320000 The most important thing is to begin the process and secondly, to ensure 0:06:06.320000 --> 0:06:11.400000 that when you perform a web application security test or a web application 0:06:11.400000 --> 0:06:16.000000 penetration test, you are doing it thoroughly to get from the perspective 0:06:16.000000 --> 0:06:20.740000 of the organization so that they can get the biggest bang for their buck, 0:06:20.740000 --> 0:06:25.580000 and from the web application security test perspective or the web application 0:06:25.580000 --> 0:06:31.780000 penetration test perspective to essentially ensure that they have performed 0:06:31.780000 --> 0:06:35.180000 a good security test or assessment. 0:06:35.180000 --> 0:06:40.320000 And as I said, we'll get into the differences between web app security 0:06:40.320000 --> 0:06:45.640000 testing and web app testing shortly, but the most important thing that 0:06:45.640000 --> 0:06:49.400000 you need to understand about web application security testing is that 0:06:49.400000 --> 0:06:52.860000 it has various types, and this is where the whole subset of types comes 0:06:52.860000 --> 0:06:57.660000 into play, and this will consequently affect the strategy that you take 0:06:57.660000 --> 0:07:01.220000 with regards to implementing web application security testing. 
0:07:01.220000 --> 0:07:04.280000 And of course, as you may have noticed, I'm looking at this from both 0:07:04.280000 --> 0:07:07.600000 perspectives, from the perspective of the web application penetration 0:07:07.600000 --> 0:07:12.940000 tester, or bug bounty hunter, or web application security tester, or professional, 0:07:12.940000 --> 0:07:16.140000 as they're called, and the organization itself. 0:07:16.140000 --> 0:07:20.620000 All right, so the key thing to note is that web application security testing 0:07:20.620000 --> 0:07:26.320000 typically involves a combination of automated scanning tools or automated 0:07:26.320000 --> 0:07:29.260000 solutions and manual testing techniques. 0:07:29.260000 --> 0:07:32.180000 Now, what will we be covering in this course? 0:07:32.180000 --> 0:07:35.780000 And consequently, the other courses within this learning path, well, this 0:07:35.780000 --> 0:07:37.120000 is the great thing. 0:07:37.120000 --> 0:07:40.440000 We're going to focus on how to perform the testing manually. 0:07:40.440000 --> 0:07:45.520000 However, we will also be augmenting this through the use of industry standard 0:07:45.520000 --> 0:07:48.580000 automated tools or automation tools, if you will. 0:07:48.580000 --> 0:07:51.020000 So think of a web proxy like burpsweet. 0:07:51.020000 --> 0:07:55.560000 It is sort of in the middle of both manual and automated testing, but 0:07:55.560000 --> 0:07:59.100000 can be leveraged for both two different degrees, right? 0:07:59.100000 --> 0:08:01.720000 And this brings me to the actual type. 0:08:01.720000 --> 0:08:05.960000 So there are some common types of web application security testing or 0:08:05.960000 --> 0:08:11.420000 tests conducted on web applications, and these include vulnerability scanning. 0:08:11.420000 --> 0:08:12.600000 This is very common. 
0:08:12.600000 --> 0:08:16.640000 And again, I'm not going to apply a positive or negative connotation unless 0:08:16.640000 --> 0:08:18.940000 it is worthy of it. 0:08:18.940000 --> 0:08:20.740000 But vulnerability scanning is very common. 0:08:20.740000 --> 0:08:24.900000 You may be familiar with vulnerability scanning, you know, traditional 0:08:24.900000 --> 0:08:30.240000 vulnerability scanning on target or on actual hosts or operating systems. 0:08:30.240000 --> 0:08:34.580000 But this involves the use of automated tools to scan the web application 0:08:34.580000 --> 0:08:36.260000 for known vulnerabilities. 0:08:36.260000 --> 0:08:41.460000 These vulnerabilities could be SQL injection, cross-site scripting, vulnerabilities, 0:08:41.460000 --> 0:08:46.400000 insecure misconfigurations or insecure configurations and outdated software 0:08:46.400000 --> 0:08:51.800000 versions. So in terms of my experience, what I always recommend to an 0:08:51.800000 --> 0:08:56.540000 organization is to utilize these tools, the automated vulnerability scanning 0:08:56.540000 --> 0:09:02.880000 tools to establish a baseline level of their security, after which they 0:09:02.880000 --> 0:09:07.120000 should then move into web application penetration testing. 0:09:07.120000 --> 0:09:09.620000 And that is what I wanted to point out. 0:09:09.620000 --> 0:09:14.940000 So web application penetration testing is a subset of web application 0:09:14.940000 --> 0:09:16.060000 security testing. 0:09:16.060000 --> 0:09:22.120000 So think of security testing as the broader categorization of the process 0:09:22.120000 --> 0:09:28.340000 of testing for or assessing and performing a security assessment on a 0:09:28.340000 --> 0:09:29.320000 web application. 
0:09:29.320000 --> 0:09:32.740000 And penetration testing in the case of web applications is the process 0:09:32.740000 --> 0:09:37.400000 of simulating real-world attacks to assess the application's defenses 0:09:37.400000 --> 0:09:42.300000 and to identify potential security weaknesses, vulnerabilities, misconfigurations, 0:09:42.300000 --> 0:09:46.420000 et cetera. And then the process of testing is a very important process 0:09:46.420000 --> 0:09:49.180000 that is very important to gain insights into how an attacker might exploit 0:09:49.180000 --> 0:09:50.620000 vulnerabilities. 0:09:50.620000 --> 0:09:54.240000 You then have code review and static analysis. 0:09:54.240000 --> 0:09:58.320000 Now, this is very important because while we will not be focusing too 0:09:58.320000 --> 0:10:02.900000 much on this, because this is not a defensive course and this is not a 0:10:02.900000 --> 0:10:06.740000 defensive learning path or certification for that matter, the key thing 0:10:06.740000 --> 0:10:12.140000 to note is that we'll be highlighting within the courses in the learning 0:10:12.140000 --> 0:10:17.360000 path, not just how you can exploit a vulnerability like SQL injection, 0:10:17.360000 --> 0:10:21.880000 but we'll be taking a look at what causes the vulnerability, how this 0:10:21.880000 --> 0:10:26.280000 vulnerability is typically found or identified by attackers, how it is 0:10:26.280000 --> 0:10:30.420000 exploited, and furthermore, based on that process, you as a developer 0:10:30.420000 --> 0:10:35.800000 or web application security professional will be able to go ahead and 0:10:35.800000 --> 0:10:37.140000 patch or mitigate it. 0:10:37.140000 --> 0:10:40.620000 And with regards to the identification of the vulnerability, we delve 0:10:40.620000 --> 0:10:46.660000 into the sort of a very rudimentary code review and static analysis aspect 0:10:46.660000 --> 0:10:51.400000 of it, to essentially learn what causes the vulnerability. 
0:10:51.400000 --> 0:10:56.100000 So in terms of code review and static analysis, manual examination of 0:10:56.100000 --> 0:11:01.320000 the web application source code is done to identify coding flaws, security 0:11:01.320000 --> 0:11:04.060000 misconfigurations, and potential risks. 0:11:04.060000 --> 0:11:09.260000 Now, it is to be noted that this is a practice in and of its own, and 0:11:09.260000 --> 0:11:13.860000 as a result, it needs to be treated with the professionalism that it deserves. 0:11:13.860000 --> 0:11:17.820000 What I mean by that is that good code review and static analysis can only 0:11:17.820000 --> 0:11:22.400000 be done by pen testers or web app pen testers that have experience with 0:11:22.400000 --> 0:11:26.200000 development in the language of the web application that it has been developed 0:11:26.200000 --> 0:11:31.360000 in. My point is that if I've been developing web applications in PHP, 0:11:31.360000 --> 0:11:36.020000 I'm really not a suitable, if I've been developing web applications in 0:11:36.020000 --> 0:11:40.840000 PHP and I've performed pen tests on web applications running on PHP or 0:11:40.840000 --> 0:11:45.500000 utilizing PHP, I'm not really the best candidate to perform code review 0:11:45.500000 --> 0:11:49.700000 and static analysis on .NET web applications, for example. 0:11:49.700000 --> 0:11:51.500000 Now, that doesn't mean that I can do it. 0:11:51.500000 --> 0:11:55.380000 It means that this should be relegated to the in-house team that already 0:11:55.380000 --> 0:12:02.360000 has an understanding of the language, and this is where coding security 0:12:02.360000 --> 0:12:05.900000 or secure coding best practices can be implemented. 0:12:05.900000 --> 0:12:09.040000 A lot of that can then be outsourced, but again, remember source code 0:12:09.040000 --> 0:12:12.760000 may be part of your intellectual property that you may not want to release 0:12:12.760000 --> 0:12:14.620000 or reveal to the public. 
0:12:14.620000 --> 0:12:18.080000 But general source code that is available or publicly accessible through 0:12:18.080000 --> 0:12:24.780000 the web application is frequently audited or reviewed by the bug bounty 0:12:24.780000 --> 0:12:29.180000 hunters or web application penetration test as that are performing the 0:12:29.180000 --> 0:12:35.540000 assessment in order to identify fairly common flaws or misconfigurations. 0:12:35.540000 --> 0:12:40.480000 We then have authentication and authorization testing. 0:12:40.480000 --> 0:12:44.500000 So this is a continuation of the web application security testing types. 0:12:44.500000 --> 0:12:48.740000 This process can be sort of conjoined into web application penetration 0:12:48.740000 --> 0:12:51.240000 testing, but for now, let's treat them separately. 0:12:51.240000 --> 0:12:55.840000 So this involves evaluating the effectiveness of authentication mechanisms 0:12:55.840000 --> 0:13:00.560000 and access control features to ensure that only authorized users have 0:13:00.560000 --> 0:13:02.360000 appropriate access levels. 0:13:02.360000 --> 0:13:03.820000 Fairly simple to understand. 0:13:03.820000 --> 0:13:07.580000 We'll be taking a look at this in this particular learning path. 0:13:07.580000 --> 0:13:10.860000 We then have input validation and output encoding testing. 0:13:10.860000 --> 0:13:16.040000 This involves assessing how the web application handles user inputs to 0:13:16.040000 --> 0:13:19.520000 prevent common security vulnerabilities like cross-site scripting, SQL 0:13:19.520000 --> 0:13:23.660000 injection, and other types of injection attacks. 0:13:23.660000 --> 0:13:27.060000 And yeah, this is also, these are vulnerabilities we'll be covering within 0:13:27.060000 --> 0:13:28.740000 this learning path as well. 0:13:28.740000 --> 0:13:31.120000 We then have session management testing. 
0:13:31.120000 --> 0:13:34.860000 This involves verifying how the web application manages user sessions 0:13:34.860000 --> 0:13:39.800000 and related tokens to prevent session-related attacks. 0:13:39.800000 --> 0:13:42.260000 And of course, we also have API security testing. 0:13:42.260000 --> 0:13:45.520000 This involves assessing the security of APIs. 0:13:45.520000 --> 0:13:51.160000 These are called, or API stands for application programming interfaces 0:13:51.160000 --> 0:13:55.460000 that are used by the web application for data exchange and integration 0:13:55.460000 --> 0:13:56.780000 with other systems. 0:13:56.780000 --> 0:14:00.600000 And that is very, very important because modern web applications utilize 0:14:00.600000 --> 0:14:06.280000 APIs for a lot of communication with other components or maybe even other 0:14:06.280000 --> 0:14:11.780000 services with regards to the request for or the transmission of data to 0:14:11.780000 --> 0:14:14.120000 and from the web application itself. 0:14:14.120000 --> 0:14:21.080000 And again, we'll be taking a look at this in the service testing course 0:14:21.080000 --> 0:14:23.180000 within this learning path in and of its own. 0:14:23.180000 --> 0:14:27.340000 And we'll be taking a look at, you know, SOAP and all of that good stuff 0:14:27.340000 --> 0:14:30.420000 with regards to API security testing. 0:14:30.420000 --> 0:14:36.340000 And then of course, revisiting the definition of the two. 0:14:36.340000 --> 0:14:40.500000 That, you know, that brings us to web application penetration testing. 0:14:40.500000 --> 0:14:46.640000 So as I've already told you, web application penetration testing exists 0:14:46.640000 --> 0:14:51.120000 as a subset of the web application security testing process. 0:14:51.120000 --> 0:14:56.400000 And again, I'll explain why we are going by the term web application security 0:14:56.400000 --> 0:15:00.280000 testing. 
Of course, taking into account what I've already said about the 0:15:00.280000 --> 0:15:04.780000 fact that we will not be only focusing on exploitation of the vulnerabilities, 0:15:04.780000 --> 0:15:09.740000 but also, you know, taking a look at what the vulnerability is, what causes 0:15:09.740000 --> 0:15:13.120000 it, how to identify it, and then how to exploit it. 0:15:13.120000 --> 0:15:17.580000 So web application penetration testing is a subset of web application 0:15:17.580000 --> 0:15:23.200000 security testing that specifically involves attempting to exploit identified 0:15:23.200000 --> 0:15:24.480000 vulnerabilities. 0:15:24.480000 --> 0:15:29.280000 So this is the key distinction or differentiating factor between the two. 0:15:29.280000 --> 0:15:32.900000 If you can call it a differentiating factor, as I said, it's more so a 0:15:32.900000 --> 0:15:37.960000 subset. So web application security testing is pretty much all encompassing. 0:15:37.960000 --> 0:15:41.460000 And whenever you're performing a web application penetration test, if 0:15:41.460000 --> 0:15:48.000000 you're doing a thorough one, you're most likely performing a web application 0:15:48.000000 --> 0:15:51.960000 security test as opposed to a penetration test. 0:15:51.960000 --> 0:15:55.560000 And the reason for this will become apparent as we progress within this 0:15:55.560000 --> 0:16:00.880000 course. So a web application penetration test is a simulated attack on 0:16:00.880000 --> 0:16:04.380000 the web application conducted by skilled security professionals known 0:16:04.380000 --> 0:16:09.120000 as pen testers or bug bounty hunters, or even ethical hackers. 0:16:09.120000 --> 0:16:14.400000 Right. And the process involves a systematic and controlled approach to 0:16:14.400000 --> 0:16:19.460000 assess the application security by attempting to exploit known vulnerabilities. 
0:16:19.460000 --> 0:16:24.240000 So again, web application penetration testing's primary focus is exploitation 0:16:24.240000 --> 0:16:29.460000 of vulnerabilities to verify risk and the threat posed by a vulnerability, 0:16:29.460000 --> 0:16:34.440000 right? Or the current threat landscape that the web application is dealing 0:16:34.440000 --> 0:16:39.500000 with in terms of, you know, what it is likely to attack is likely to face 0:16:39.500000 --> 0:16:40.980000 in terms of potential attacks. 0:16:40.980000 --> 0:16:44.620000 And this information is very useful to organizations because they can 0:16:44.620000 --> 0:16:49.360000 very quickly get an understanding as to what vulnerabilities or misconfigurations 0:16:49.360000 --> 0:16:52.360000 they need to work on or patch. 0:16:52.360000 --> 0:16:56.940000 And as I said, key differentiating factor between both of these two terms 0:16:56.940000 --> 0:17:01.920000 is very minute. And just think of web app testing with regards to it as 0:17:01.920000 --> 0:17:05.780000 a term being a subset of web application security testing. 0:17:05.780000 --> 0:17:10.040000 As I said, within this course and other courses within the learning path, 0:17:10.040000 --> 0:17:13.220000 I'll be using them interchangeably just know that I'm referring to the 0:17:13.220000 --> 0:17:17.500000 same thing. And there may be specialized cases in the exploitation courses, 0:17:17.500000 --> 0:17:19.280000 we'll call it web app pen testing. 0:17:19.280000 --> 0:17:25.900000 But the other key differences between the two also branch out into the 0:17:25.900000 --> 0:17:27.060000 following factors. 0:17:27.060000 --> 0:17:29.020000 So number one, the scope, right? 0:17:29.020000 --> 0:17:32.240000 So if you're familiar with pen testing, you know what scope is all about. 
0:17:32.240000 --> 0:17:37.100000 So in terms of the scope, web application security testing covers a broader 0:17:37.100000 --> 0:17:41.300000 range of assessments, including static and dynamic analysis, as I've already 0:17:41.300000 --> 0:17:46.080000 pointed out, well web application pen tests focus on actively exploiting 0:17:46.080000 --> 0:17:47.660000 vulnerabilities. 0:17:47.660000 --> 0:17:50.100000 Moving on to the objectives, right? 0:17:50.100000 --> 0:17:54.000000 So the primary goal of security testing is to identify weaknesses, whereas 0:17:54.000000 --> 0:17:57.980000 pen testing aims to validate vulnerabilities and assess the organization's 0:17:57.980000 --> 0:18:00.240000 ability to detect and respond to attacks. 0:18:00.240000 --> 0:18:05.560000 So the reason why that distinction is important is because many people 0:18:05.560000 --> 0:18:10.140000 will think of them as two different concepts or two different practices. 0:18:10.140000 --> 0:18:15.880000 However, you can think of them as part of the same larger process. 0:18:15.880000 --> 0:18:19.980000 And again, essentially utilizing a cyclic system. 0:18:19.980000 --> 0:18:24.760000 If you implement it that way, what that means is that you can involve 0:18:24.760000 --> 0:18:30.160000 the web app pen testing section or subset in terms of the system. 0:18:30.160000 --> 0:18:33.640000 So you can have processes and the methodology as part of your web application 0:18:33.640000 --> 0:18:40.920000 security test and relegate it simply to the validation of web application 0:18:40.920000 --> 0:18:42.760000 vulnerabilities that you have identified. 0:18:42.760000 --> 0:18:46.720000 So my point is that you perform a web application security test. 
0:18:46.720000 --> 0:18:50.500000 And as part of that, you're also performing a web app pen test to actively 0:18:50.500000 --> 0:18:55.760000 try and exploit the vulnerabilities you have found to again verify the 0:18:55.760000 --> 0:18:58.640000 legitimacy of the vulnerabilities identified. 0:18:58.640000 --> 0:19:02.260000 And that brings me to the third point, which is very, very important. 0:19:02.260000 --> 0:19:04.580000 And that is the methodology, right? 0:19:04.580000 --> 0:19:08.980000 So security testing, web app security testing includes both manual and 0:19:08.980000 --> 0:19:14.400000 automated techniques, whereas pen testing is predominantly a manual process. 0:19:14.400000 --> 0:19:15.400000 And this is true. 0:19:15.400000 --> 0:19:19.880000 So as I said, our focus within this course and the other courses is not 0:19:19.880000 --> 0:19:26.320000 going to be automated or will not involve the use of automation tools 0:19:26.320000 --> 0:19:31.740000 or frameworks. We're going to dive deep into these vulnerabilities and 0:19:31.740000 --> 0:19:35.200000 misconfigurations and the overall process of performing a web application 0:19:35.200000 --> 0:19:37.960000 security test manually. 0:19:37.960000 --> 0:19:43.300000 And we'll utilize automation tools or tools in general to augment the 0:19:43.300000 --> 0:19:47.180000 process only after we have done it manually. 0:19:47.180000 --> 0:19:50.880000 So that brings us to the final point here, which is exploitation. 0:19:50.880000 --> 0:19:54.840000 So security testing does not involve the exploitation of vulnerabilities, 0:19:54.840000 --> 0:19:59.340000 while pen testing does, albeit in a controlled and authorized manner. 
0:19:59.340000 --> 0:20:05.300000 As I said, the distinction between the two was only added here to help 0:20:05.300000 --> 0:20:12.800000 explain why some people or professionals would refer to an assessment 0:20:12.800000 --> 0:20:17.960000 on a web application as a web app security test, and why they may differentiate 0:20:17.960000 --> 0:20:19.720000 it with a web app pen test. 0:20:19.720000 --> 0:20:25.140000 The point is that a web app security test does not need to include web 0:20:25.140000 --> 0:20:28.420000 app pen testing or the exploitation side of things. 0:20:28.420000 --> 0:20:31.340000 And in our case, we're taking a look at the entire gamut here. 0:20:31.340000 --> 0:20:35.780000 So we're taking a look at how to identify vulnerabilities, how to exploit 0:20:35.780000 --> 0:20:39.440000 them, understanding what causes them, and we'll be doing this through 0:20:39.440000 --> 0:20:43.000000 a plethora of techniques and tools as well. 0:20:43.000000 --> 0:20:46.680000 And this table here will hopefully make everything much clearer. 0:20:46.680000 --> 0:20:52.200000 So on my left here, you have the aspect, and then you have your web app 0:20:52.200000 --> 0:20:55.480000 security testing column and web app pen testing column, and this highlights 0:20:55.480000 --> 0:20:58.620000 the difference with regards to various aspects like the objective. 0:20:58.620000 --> 0:21:03.180000 So in terms of the objective, web app security testing's objective is 0:21:03.180000 --> 0:21:06.700000 to identify vulnerabilities and weaknesses in web applications without 0:21:06.700000 --> 0:21:07.940000 actively exploiting them. 0:21:07.940000 --> 0:21:11.720000 As I said, that's not always the case because web app pen testing is typically 0:21:11.720000 --> 0:21:15.380000 considered a subset of web app security testing. 
0:21:15.380000 --> 0:21:19.720000 In the case of web app pen testing, we know that the primary objective 0:21:19.720000 --> 0:21:23.120000 here is to actively attempt to exploit identified vulnerabilities and 0:21:23.120000 --> 0:21:26.980000 assess the organization's response to attacks. 0:21:26.980000 --> 0:21:31.580000 In terms of the focus, web app security testing is much broader in scope 0:21:31.580000 --> 0:21:35.440000 and includes both manual and automated testing techniques, whereas in 0:21:35.440000 --> 0:21:40.560000 web app pen testing, this is very specific to identifying vulnerabilities 0:21:40.560000 --> 0:21:44.440000 and exploiting them and is mainly a manual process. 0:21:44.440000 --> 0:21:48.120000 In terms of the methodology, we have various types of assessments. 0:21:48.120000 --> 0:21:52.880000 These involve dynamic testing, static testing, so on and so forth in the 0:21:52.880000 --> 0:21:55.180000 case of web app security testing. 0:21:55.180000 --> 0:21:59.000000 And then of course, in the case of web app pen testing, this involves 0:21:59.000000 --> 0:22:02.980000 manual testing using tools and techniques in order to simulate a real 0:22:02.980000 --> 0:22:08.400000 world attack to give the organization an understanding and a view of what 0:22:08.400000 --> 0:22:14.260000 a real attack will look like and what the organization is to expect. 0:22:14.260000 --> 0:22:20.320000 In terms of exploitation, same point as the objective aspect here. 0:22:20.320000 --> 0:22:23.780000 Web app security testing does not involve exploitation, but it can if 0:22:23.780000 --> 0:22:26.680000 you include web app pen testing as a subset. 0:22:26.680000 --> 0:22:30.920000 And web app pen testing involves controlled exploitation to validate vulnerabilities. 
0:22:30.920000 --> 0:22:34.480000 What controlled means, if you've ever been a bug bounty hunter or you've 0:22:34.480000 --> 0:22:38.480000 taken a web app pen testing report, you know that you're never supposed 0:22:38.480000 --> 0:22:41.780000 to run a malicious exploit as a an ethical hacker. 0:22:41.780000 --> 0:22:46.660000 Or when you're performing a legitimate legal web app pen test or web app 0:22:46.660000 --> 0:22:52.060000 security test, you're instead supposed to validate vulnerabilities by 0:22:52.060000 --> 0:22:57.240000 utilizing a proof of concept that goes far enough to demonstrate that 0:22:57.240000 --> 0:23:00.760000 you can exploit the vulnerability but doesn't do anything malicious or 0:23:00.760000 --> 0:23:04.560000 anything dangerous with regards to the confidentiality, integrity and 0:23:04.560000 --> 0:23:06.920000 availability of the web application. 0:23:06.920000 --> 0:23:08.620000 We then have reporting. 0:23:08.620000 --> 0:23:09.600000 So this is very important. 0:23:09.600000 --> 0:23:13.500000 Web app security testing identifies vulnerabilities and then provides 0:23:13.500000 --> 0:23:15.140000 remediation recommendations. 0:23:15.140000 --> 0:23:19.040000 In the case of web app pen testing, this document successful exploits 0:23:19.040000 --> 0:23:22.980000 identifies weaknesses and then recommends remediation measures. 0:23:22.980000 --> 0:23:27.920000 So you can see more of an overlap than a higher number of differences 0:23:27.920000 --> 0:23:28.740000 between the two. 0:23:28.740000 --> 0:23:33.100000 And again, as I said, in my case, I think of them as the same thing and 0:23:33.100000 --> 0:23:37.280000 think of web app pen testing as a subset of web app security testing. 
0:23:37.280000 --> 0:23:44.240000 Just a subset that can be enabled or activated or deactivated depending 0:23:44.240000 --> 0:23:49.560000 on the type of client you're performing the test for and a plethora of 0:23:49.560000 --> 0:23:54.520000 other factors. In terms of the testing approach, web app security testing 0:23:54.520000 --> 0:23:58.000000 may include automation for vulnerability scanning, whereas in web app 0:23:58.000000 --> 0:24:02.500000 pen testing, this is primarily manual, not exclusively manual, and utilizes 0:24:02.500000 --> 0:24:04.480000 manual techniques and tools. 0:24:04.480000 --> 0:24:10.320000 In terms of the overall goal, with web app security testing, the 0:24:10.320000 --> 0:24:14.800000 overall goal is to enhance the overall security posture of the 0:24:14.800000 --> 0:24:16.200000 web application. 0:24:16.200000 --> 0:24:20.420000 And with web app pen testing, you are validating the effectiveness of 0:24:20.420000 --> 0:24:25.280000 existing security controls and incident response capabilities. 0:24:25.280000 --> 0:24:29.140000 With that being said, now that we have an understanding as to what web 0:24:29.140000 --> 0:24:34.120000 app security testing is and how it differs from web app pen testing, which, 0:24:34.120000 --> 0:24:35.660000 as you can see, is very limited. 0:24:35.660000 --> 0:24:39.700000 And based on the way I've just categorized everything, you can pretty 0:24:39.700000 --> 0:24:41.380000 much treat it as the same. 0:24:41.380000 --> 0:24:44.900000 The only thing you need to know is web app testing involves exploitation, 0:24:44.900000 --> 0:24:49.800000 whereas natively, web app security testing does not, but it can include 0:24:49.800000 --> 0:24:53.840000 it. And at that point, you would include web app pen testing as a subset. 
0:24:53.840000 --> 0:24:57.820000 So the point, the overall point here is that that is what web app security 0:24:57.820000 --> 0:25:00.640000 testing and web app pen testing are all about. 0:25:00.640000 --> 0:25:05.240000 I'll be referring to it as web app pen testing or web app security testing, 0:25:05.240000 --> 0:25:10.140000 sorry, throughout the rest of this course to help clarify my point. 0:25:10.140000 --> 0:25:14.720000 And with that being said, we are now going to turn our attention to common 0:25:14.720000 --> 0:25:18.260000 vulnerabilities and threats that affect web applications. 0:25:18.260000 --> 0:25:23.640000 And that'll give us an idea as to, you know, firstly, what web applications 0:25:23.640000 --> 0:25:27.940000 are dealing with today, which will then branch off into another section 0:25:27.940000 --> 0:25:31.760000 in this course, but it'll also give us an idea as to what we'll be covering 0:25:31.760000 --> 0:25:37.860000 within this learning path and this certification training program and 0:25:37.860000 --> 0:25:41.280000 how everything is structured and the way you're supposed to consume the 0:25:41.280000 --> 0:25:45.540000 courses or go through them, because it is going to be very methodical. 0:25:45.540000 --> 0:25:49.000000 With that being said, that's going to be it from my end and I'll be seeing 0:25:49.000000 --> 0:25:50.740000 you in the next video.
