Selamlar, bu videoda eWPTX (Web Application Penetration Tester eXtreme) sertifikasından ve kendi geçirdiğim sertifika sürecinden bahsettim.
Önemli Konular:
SQL Injection
XXE Injection
Server-side template injection (SSTI)
Insecure deserialization
Server-side request forgery (SSRF)
Authentication
Directory traversal
Command Injection
Information Disclosure
Access Control
Cross-site Scripting (XSS)
Cross-site request forgery (CSRF)
PortSwigger Labları:
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
portswigger.net/web-security/...
Labs to Practice
---
portswigger.net/web-security/...
- [local DVWA and OWASP Juice Shop instance](systemweakness.com/deploy-vul...)
One of the most challenging topics in the certification is deserialization. For this, I recommend this website (which includes labs):
- github.com/NotSoSecure/NotSoC...
- notsosecure.com/notsocereal-l...
**Other labs to learn.**
- tryhackme.com/room/sqlilab
- tryhackme.com/room/githappens
- tryhackme.com/room/learnssti
Tools
---
- github.com/r0oth3x49/ghauri -... that automates the process of detecting and exploiting SQL injection
- github.com/arthaud/git-dumper - A tool to dump a git repository from a website.
- github.com/epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
- github.com/calebstewart/pwncat - Fancy reverse and bind shell handler
- ETİKETLER -
ewptx, elearn, ine, siber güvenlik, web sertifikası, web sızma testi, sızma testi sertifikası, siber güvenlik sertifikaları, hacker sertifikaları, etik hacker