HTTP Basics

• HTML + CSS + JavaScript introduction

  • HTML + CSS + JavaScript introduction - web 0x00

• El Protocolo HTTP

  • The HTTP Protocol: GET /test.html - web 0x01

• El Badge de HTTP de PentesterLab [requiere licencia]

  • https://pentesterlab.com/badges/http

Principios de Authentication and Authorization

• Authorization vs. Authentication (Google Bug Bounty)

Aprender a utilizar progresivamente cada los features (y/o su equivalente en Owasp ZAP):

• Burp History

• Burp Repeater

• Burp Collaborator [solo en la version Pro]

• Burp Intruder

• Burp Active Scanner [solo en la version Pro]

• Burp Sequencer

Badges de PentesterLab sugeridos para arrancar [requieren licencia]

• Introduction Badge [ejercicios EASY]

• Unix Badge [ejercicios EASY]

• Intercept Badge [ejercicios EASY]

• HTTP Badge [ejercicios EASY]

• Recon Badge [ejercicios EASY]

• Essential Badge [ejercicios EASY]

• API Badge [ejercicios EASY]

• Authentication/Authorization Badge [ejercicios EASY]

WebSockets

• https://portswigger.net/web-security/websockets

• https://mmmds.pl/Damn-Vulnerable-Web-Sockets-walkthrough/

• https://www.youtube.com/watch?v=bMFP71UAbPo&list=PLpr-xdpM8wG-WUI7yLUvdjm-Bcw7AqG9m&index=15

GraphQL

• https://blog.assetnote.io/2021/08/29/exploiting-graphql/

• https://pentesterlab.com/exercises/graphql/course

• https://pentesterlab.com/exercises/graphql_ii/course