Scribd
Upload
67 views6 pages

Web Pentesting Essentials

This document discusses web application penetration testing and HTML injection basics. It describes how HTML injection works by inserting malicious HTML input that is not sanitized into a web page. The attacker can then control how the page is rendered for the victim. It also briefly mentions other injection attacks like JavaScript injection and SQL injection. The document is presented by Vivek Ramachandran from SecurityTube and promotes his training resources at SecurityTube and Pentester Academy.

Uploaded by

lạc hoa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
67 views6 pages

Web Pentesting Essentials

This document discusses web application penetration testing and HTML injection basics. It describes how HTML injection works by inserting malicious HTML input that is not sanitized into a web page. The attacker can then control how the page is rendered for the victim. It also briefly mentions other injection attacks like JavaScript injection and SQL injection. The document is presented by Vivek Ramachandran from SecurityTube and promotes his training resources at SecurityTube and Pentester Academy.

Uploaded by

lạc hoa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Web

 Applica+on  Pentes+ng  

Vivek  Ramachandran  
SWSE,  SMFE,  SPSE,  SISE,  SLAE,  SGDE  Course  Instructor  

Cer+fica+ons:                          hGp://www.securitytube-­‐training.com    
 
Pentester  Academy:    hGp://www.PentesterAcademy.com    

©SecurityTube.net  
HTML  Injec+on  Basics  

©SecurityTube.net  
Injec+on  AGacks  

•  Frontend  (Client)  
–  Rendering  AGacks  =>  HTML  Injec+on  
–  Code  Execu+on  =>  JS  Injec+on  (XSS)  

•  Backend  (Server)  
–  Command  Injec+on  
•  SQL  Injec+on  etc.  

©SecurityTube.net  
HTML  Injec+on  

•  User  input  not  sani+zed  

•  Malicious  input  consists  of  HTML  injected  into  


page  

•  Render  page  as  per  aGacker’s  choice  to  vic+m  


 

©SecurityTube.net  
Injec+on  in  Content  

©SecurityTube.net  
Pentester  Academy  

©SecurityTube.net  

You might also like