E-commerce sites handle valuable personal information such as names, addresses, and credit card details. This makes them ripe for malicious attacks. Successful web developers use penetration tests (simulated attacks on their own applications) to spot vulnerabilities and shore up security.
In this liveProject, you’ll take on the dual role of both attacker and defender of a vulnerable e-commerce site. You’ll start out wearing the black hat of a hacker as you perform reconnaissance, exploit vulnerabilities with specialist tools, and attempt to extract data. Once you’ve cracked open the holes in your system, you’ll step into the defensive role to fix vulnerabilities in your code that have led to injection attacks. This liveProject comes with full access to a virtual training web application, so you can experiment without endangering your own software.
This project is designed for learning purposes and is not a complete, production-ready application or solution.
prerequisites
This liveProject is for web developers who want to defend their applications against common cyber attacks. No cyber security skills are required to get started. To begin this liveProject, you will need to be familiar with:
TOOLS
- Basics of PHP programming
- Basics of browser developer tools
- Basics of command line prompts
- Basics of SSH’ing into hosts
- Basics of wget, nikto, and sqlmap
TECHNIQUES
- Fundamentals of HTML and HTTP requests/responses
- Basics of shell programming
- Basic understanding of SQL
you will learn
Each section in this liveProject will test and develop your knowledge in a different area of web security. You’ll master the most popular tools for web penetration testing, and write up effective security reports.
- Information gathering with browser developer tools
- Mapping attack surfaces
- Handcrafting a SQL injection attack
- Vulnerability discovery
- Attack persistence techniques