[00:00:01] Guidelines for application security.

[00:00:05] So when you're performing a test, you're going to need to cover everything within the scope. That's why scope definition comes up first. Your method should be convincing and persuasive. So it's always good to catch industry standards while you're testing. This will help you to be reliable. But I don't want to prevent you from applying your own methods; you need your own personal toolbox.

[00:00:30] The point here is the way you accomplish your method and how you present it, so you can do many great things while you're hacking the system. But if your method isn't clear, deterministic and reproducible, I'm sorry, this is going to impact the quality of your work; it will suffer.

[00:00:51] So let's assume that you are going to perform a test on an application. You may know about some of the vulnerabilities, and maybe you have many hacking tricks up your sleeve. But if you don't have at least a checklist, you're going to be stuck at the beginning, and you're going to get stuck during the test. So the questions of where, when, how to start, what to do, these are going to start to plague you. Therefore, you might actually forget to go all around the scope. After gaining enough experience, you might be able to do this on the fly, but don't expect to become an expert overnight.
[00:01:33] That's going to take time. Even an experienced tester needs a base while organizing a pen test on a professional scale. So you understand what I'm saying: having a plan is always a better way; that way you don't leave anything untested. So you follow a rigorous plan, and that will help you to provide consistent, valuable information to the customer.

[00:02:01] So why do I go on and on about this? Because when you think about conducting a penetration test on an organization, you need to do the tests according to the specification document, the testing guide, the checklist, or at least a benchmark. You aren't forced to follow a guide; however, it's going to add value to your methods and create a base for the person who will read your final report. It's also how you get a really good reputation.

[00:02:36] Now, maybe you have these kinds of plans in house so that you can conduct security operations. Also, there are many organizations which have particular guidelines and frameworks and checklists and benchmarks and those kinds of tools to engage in web penetration tests, but guess what? They were created with different perspectives. All of them will give you a new aspect of the security and web penetration testing process. But I'll tell you, there is no right answer.
[00:03:11] But this selection can have an impact on the architecture and result in a strengths-and-weaknesses report for the result. For many industries, compliance and regulations will also drive your choice. I'm not going to tell you about all of them, because some of them aren't even up to date. So here I can give you two options to follow so that you can get more information about web penetration testing.

[00:03:40] The first approach is certification focused. So there are many web security certifications out there, and they have a variety of different perspectives. They're going to have defensive purposes, offensive purposes, and some of them can actually include the SDLC and then have a mixed purpose of security. So here, I'm going to show you two offensive-purpose certificates that you can follow, along each one of their topics, while you're testing. Or you could try to get them to improve your career standing.

[00:04:18] So the first certificate is the GIAC Web Application Penetration Testing certificate (GWAPT). The second one is the OffSec Web Expert certificate (OSWE). Also, you can find web application security as a topic in some general-purpose certificates, such as EC-Council's CEH.

[00:04:41] Now, the second approach is following open guides and checklists. So this way is more formal, and it perhaps can suit you best if you want to be a web penetration tester.
[00:04:55] Some of these guides are very well crafted and maintained, while others might have been neglected for a few years. There are also several general-purpose guides, such as ISECOM's OSSTMM and PTES; you can always find them, and I'm sure you'll be able to understand your way through them. But guess what, those are the neglected ones.

[00:05:21] All right, so finally, here's my point. When we're talking about web security, you may have heard of OWASP. It's a nonprofit organization which produces guides, cheat sheets and many other things about application security. So in this course, mainly, I'm going to take OWASP's testing guide as my base. Now, I'm not going to follow every single item in the guide, though. I am going to add some other topics, so you can go and check the details of the document on the OWASP website if you want.