Wednesday, June 8, 2011

Web Hacking Video Series #2 Analysis of application behavior to bypass common implementation issues

Video Lesson Topics: (Running time 50+ minutes)
This lesson covers the following topics:
  1. Analysis of application behavior to bypass common implementation issues
  2. Writing custom Python code to deal with more complex testing situations
  3. More on Burp Suite Intruder, Comparer and scoping settings
  4. Introducing Firebug for inspecting page elements
  5. Lots of me rambling about testing issues and real world considerations/client issues

New Hacking Lab: (USE FIREFOX)
This is my second video on application security, and it includes a lab of 6 different user enumeration situations. The point is not really user enumeration itself, but the various ways developers handle the same situation and how we can work out a way to bypass the issue in each one. Everyone can follow along and play on the website as I ramble. I got bored Friday night and started coding, and ended up with the beginning of a mini web hacking lab that I may continue to grow out for certain lessons, or I may allow downloading of the whole site when dealing with more dangerous topics I don't want to deploy online. Also note that I don't care about complying with Microsoft Internet Explorer's finicky page parsing issues, so use Firefox if you don't want viewing issues. ;)
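The "various ways developers handle situations" point above, as an added example that is not code from the video or the lab site: three constructed login handlers (two that leak whether an account exists, one that does not) and a small checker that reports which response attributes differ between a known and an unknown username. The user store, handler names and sample values are all assumptions.

```python
from dataclasses import dataclass
import hashlib
import hmac

# Constructed user store (demo only): username -> sha256 of the password.
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}
DUMMY_HASH = hashlib.sha256(b"not-a-real-user").hexdigest()

@dataclass(frozen=True)
class Response:
    status: int
    body: str

def _password_ok(user, password):
    # Always run the comparison, even for unknown users, so the work done
    # (and so the response time) does not depend on whether the account exists.
    stored = USERS.get(user, DUMMY_HASH)
    supplied = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(stored, supplied) and user in USERS

# Situation 1: the error text itself says whether the account exists.
def login_verbose(user, password):
    if user not in USERS:
        return Response(200, "Unknown user")
    if not _password_ok(user, password):
        return Response(200, "Wrong password")
    return Response(302, "Redirect to /home")

# Situation 2: identical text, but the status code differs per failure cause.
def login_status_leak(user, password):
    if user not in USERS:
        return Response(404, "Login failed")
    if not _password_ok(user, password):
        return Response(401, "Login failed")
    return Response(302, "Redirect to /home")

# Hardened: one generic failure response no matter why the login failed.
def login_uniform(user, password):
    if not _password_ok(user, password):
        return Response(401, "Login failed")
    return Response(302, "Redirect to /home")

def enumeration_signals(handler, known="alice", unknown="nobody"):
    """Return the response attributes that differ between a real and a made-up user."""
    a = handler(known, "wrong-password")
    b = handler(unknown, "wrong-password")
    checks = {"status": lambda r: r.status, "body": lambda r: r.body,
              "length": lambda r: len(r.body)}
    return {name for name, get in checks.items() if get(a) != get(b)}
```

Running `enumeration_signals` against each handler is the same comparison Burp Comparer does by hand; an empty result for `login_uniform` is what a fix should produce.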

I hope everyone learns something, or at least enjoys the video if you are already a seasoned web slayer; if you just enjoy my rambling, that's cool too. If anyone has any good ideas for new videos, post a comment. I just kind of randomly thought of the last two lessons while trying to think of topics which have not been beaten to death in books and videos but which I feel are important for those new to web.

Here are some links/tools for this lesson if you plan on following along.

Needed Follow Along Tools:
-Firefox (Site doesn't comply with Microsoft IE standards)
-Burp Suite
-Komodo Edit (Or editor of choice)

Web Hacking Lab (Alpha Release):

Video link:

Analysis of application behavior to bypass common implementation issues from ficti0n on Vimeo.

Further Reading Regarding Authentication:



  1. Good stuff. I liked the little Python tutorial in the video also.

  2. Glad you enjoyed it... just threw the Python in there to show you can just handle situations by yourself without relying on all the tools if something pops up :) I am thinking about doing a big coding video for all kinds of stuff.