Certified Ethical Hacker, Part 5 of 8: Sessions and Web Servers
Interactive

Certified Ethical Hacker, Part 5 of 8: Sessions and Web Servers

LearnNow Online
Updated Aug 21, 2018

Course description

Given their centrality in operations of most businesses, Websites represent tempting and low-hanging fruit for hackers. Experienced systems architect, software engineer and cybersecurity expert Rafiq Wayani reveals how both session hacking and the hacking of entire web servers have become all too commonplace. Wayani discusses the latest detection tools, counter measures and penetration testing you will need to thwart these attacks. This course is part of a series covering EC-Council's Certified Ethical Hacker (CEH).

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

To get the most out of this course, this course assumes that you have a good working knowledge of Linux and Windows based networking environments. It also assumes that you have experience with managing a network, have worked with networking hardware such as switches & routers, are familiar with MS Active Directory (AD) Domain based authentication, know how to work with command-line utilities, and understand the basics of Web Server environments. Many of the demonstrations in this course use the Windows 7 and Kali Linux operating systems which can be downloaded free from the respective sites. All of the demonstrations are created in a virtual environment using Oracle VirtualBox and VMware vSphere 6.


Meet the expert

Rafiq Wayani

Rafiq Wayani has extensive experience including more than 20 years in IT as Systems Architect, Software Engineer, DBA, and Project Manager. Wayani has instructed in a variety of technical areas, has designed and implemented network and information systems, and is certified across a wide range of platforms and systems including Microsoft Solutions Developer, Systems Engineer, Application Developer, Database Administrator, Trainer; Novell Netware Administrator and Engineer; Master Certified Netware Engineer; and A Certified.

Video Runtime

101 Minutes

Time to complete

141 Minutes

Course Outline

Session Hijacking

Session Hijacking Concepts (05:26)

  • Introduction (00:22)
  • Session Hijacking (00:46)
  • Session Hijacking Diagram (02:33)
  • Session Hijacking Cont. (01:26)
  • Summary (00:18)

App Level Session Hijacking (06:43)

  • Introduction (00:28)
  • Application Level Hijacking (04:13)
  • Web Services (01:49)
  • Summary (00:12)

Network Level Hijacking (05:41)

  • Introduction (00:21)
  • Network Level Hijacking (02:29)
  • Models (02:43)
  • Summary (00:08)

Session Hijacking Tools (07:06)

  • Introduction (00:19)
  • Network Level Hijacking (00:28)
  • Demo: Session Hijacking Tools (06:03)
  • Summary (00:14)

Session Hijack Countermeasures (08:00)

  • Introduction (00:33)
  • Session Hijack Countermeasures (04:34)
  • Countermeasures Cont. (02:38)
  • Summary (00:13)

Session Hijack Pentest (07:01)

  • Introduction (00:21)
  • Session Hijack Pentest (03:57)
  • Session Hijack Pentest Cont. (02:28)
  • Summary (00:14)
Web Server Attacks

Web Server Concepts (05:55)

  • Introduction (00:16)
  • What's Happening (01:39)
  • HTTP Request Processing in IIS (03:45)
  • Summary (00:14)

Web Server Attacks (07:16)

  • Introduction (00:15)
  • Web Server Attacks (03:13)
  • Demo: Netsparker (03:34)
  • Summary (00:12)

Web Server Attack Methodology (08:20)

  • Introduction (00:23)
  • Web Server Attack Methodology (00:42)
  • Demo: Netsparker (00:32)
  • Web Server Attack Methodology (00:58)
  • Demo: WinHTTrack (05:34)
  • Summary (00:10)

Web Server Attack Tools (09:27)

  • Introduction (00:19)
  • Web Server Attack Tools (01:19)
  • Demo: Passivetotal (02:22)
  • Demo: HTTPRecon (05:15)
  • Summary (00:11)

Web Server Countermeasures (10:47)

  • Introduction (00:17)
  • Web Server Countermeasures (00:40)
  • 18-Year-Old Vulernerability (01:04)
  • Server O/S (01:25)
  • Demo: End-of-Life Support (02:41)
  • Web Server Countermeasures (00:06)
  • Demo: Locking Down Servers (02:06)
  • Web Server Countermeasures (02:13)
  • Summary (00:11)

Web Server Patch Management (04:20)

  • Introduction (00:21)
  • Web Server Patch Management (02:11)
  • Patch Management Cont. (01:31)
  • Summary (00:15)

Web Server Security Tools (09:50)

  • Introduction (00:17)
  • Web Server Security Tools (05:02)
  • Demo: Cache (04:22)
  • Summary (00:08)

Web Server Penetration Testing (05:34)

  • Introduction (00:19)
  • Web Server Penetration Testing (00:56)
  • Demo: Pen Test Tools (03:02)
  • Web Server Pen Testing (01:01)
  • Summary (00:15)