filmov
tv
Web Hacking: Become a Pentester - Lecture 12: Modern MVC Frameworks
Показать описание
In this video I introduce the concept of MVC framework and we will create a small web application with Django.
This is a preview lecture from my online web hacking training called Web Hacking: Become a Pentester.
Trainings:
Transcript:
Hi,
In this lecture we will learn about how modern web applications work. Nowadays it is not really practical to write complex applications the way we have seen in the previous lectures. So there are hundreds of frameworks out there in every possible language try to solve this problem. Even if you decide what language you want to use you will still have many frameworks to choose from. Most of them have, however something in common, and that is their architecture. They follow a software design pattern called the Model-View-Controller or MVC. This concept splits the responsibilities of the application into these there components:
Model:
The model contains the business logic and manages the data. It is independent of the user interface.
View:
The view, it is kinda obvious, is what the user sees. The view is responsible to represent the data to the user how it is the best. In a web application this is basically what you see in the browser.
Controller:
The controller receives the input from the user. The controller knows what the user wants to do and based on that interacts with the model and the view components.
Now this is a really basic definition, and all frameworks have different understanding about what each component is responsible for. As I said there are lot's of MVC frameworks, such as ASP .Net, Ruby on Rails, Django etc.., If you are going to do penetration testing for living you will meet many of them. That is also the reason why it does not make sense to learn all of them. In this lecture we will try out one, so that you understand the concept, and that should be enough to start working with any of them in the future, of course with some googleing.
$ pip install django
$ django-admin startproject tauntaun-dispatch
$ cd tauntaun-dispatch/tauntaun-dispatch
This initializes the DB for our project.
In this file you can configure which URLs should be available and what should happen when they are called. We need to add two URLs, the index and the tauntaun-request. We don't need the admin page now so we can just overwrite that:
Save and then start the server:
$ cd ..
And load both URLs in the browser. They respond with the texts defined in the views. Now the app have some kind of controller which decides which view to load when a URL is called and 2 views which return something to the user. But all of this is pretty static and we don't have a model yet.
Here we basically create a table called reservations with 3 field, name, date and an automatically created id field which we will use as the reservation number.
So this file defines our data model, but we still have to make django to generate the database for us.
This initializes the database for our model. Under the hood django does a lot of things for us, which makes it possible that we don't have to write SQL queries but only talk to the db model.
At this point we have a model, now we need to improve the controller and the views, so that the app actually does something.
First improve the index view to offer a form where the user can submit his name and the date he wants to reserve the tauntaun for.
$ mkdir tauntaun_dispatch/templates
Modify the view:
We also have to tell the app what to do when a new tauntaun request is coming. For that we have to update the tauntaun_request function:
We create a new Reservatio object with the data sent in the request and save it in the database. As you can see djange does a good job implementing data management. At the end we return the id of the newly created reservation.
Let's try it.
....
This is a preview lecture from my online web hacking training called Web Hacking: Become a Pentester.
Trainings:
Transcript:
Hi,
In this lecture we will learn about how modern web applications work. Nowadays it is not really practical to write complex applications the way we have seen in the previous lectures. So there are hundreds of frameworks out there in every possible language try to solve this problem. Even if you decide what language you want to use you will still have many frameworks to choose from. Most of them have, however something in common, and that is their architecture. They follow a software design pattern called the Model-View-Controller or MVC. This concept splits the responsibilities of the application into these there components:
Model:
The model contains the business logic and manages the data. It is independent of the user interface.
View:
The view, it is kinda obvious, is what the user sees. The view is responsible to represent the data to the user how it is the best. In a web application this is basically what you see in the browser.
Controller:
The controller receives the input from the user. The controller knows what the user wants to do and based on that interacts with the model and the view components.
Now this is a really basic definition, and all frameworks have different understanding about what each component is responsible for. As I said there are lot's of MVC frameworks, such as ASP .Net, Ruby on Rails, Django etc.., If you are going to do penetration testing for living you will meet many of them. That is also the reason why it does not make sense to learn all of them. In this lecture we will try out one, so that you understand the concept, and that should be enough to start working with any of them in the future, of course with some googleing.
$ pip install django
$ django-admin startproject tauntaun-dispatch
$ cd tauntaun-dispatch/tauntaun-dispatch
This initializes the DB for our project.
In this file you can configure which URLs should be available and what should happen when they are called. We need to add two URLs, the index and the tauntaun-request. We don't need the admin page now so we can just overwrite that:
Save and then start the server:
$ cd ..
And load both URLs in the browser. They respond with the texts defined in the views. Now the app have some kind of controller which decides which view to load when a URL is called and 2 views which return something to the user. But all of this is pretty static and we don't have a model yet.
Here we basically create a table called reservations with 3 field, name, date and an automatically created id field which we will use as the reservation number.
So this file defines our data model, but we still have to make django to generate the database for us.
This initializes the database for our model. Under the hood django does a lot of things for us, which makes it possible that we don't have to write SQL queries but only talk to the db model.
At this point we have a model, now we need to improve the controller and the views, so that the app actually does something.
First improve the index view to offer a form where the user can submit his name and the date he wants to reserve the tauntaun for.
$ mkdir tauntaun_dispatch/templates
Modify the view:
We also have to tell the app what to do when a new tauntaun request is coming. For that we have to update the tauntaun_request function:
We create a new Reservatio object with the data sent in the request and save it in the database. As you can see djange does a good job implementing data management. At the end we return the id of the newly created reservation.
Let's try it.
....
0:06:22
How To Learn Hacking - a Full Guide (2024)
0:15:25
Simple Penetration Testing Tutorial for Beginners!
0:00:27
Hacking Knowledge
0:09:06
how hackers hack any website in 9 minutes 6 seconds?!
0:02:56
Watch This Russian Hacker Break Into Our Computer In Minutes | CNBC
0:06:55
Introduction to Hacking | How to Start Hacking
0:03:44
Fastest Way to $10,000/Month with Hacking in 2024
0:12:11
How to learn hacking for free in 2024
0:00:28
Kali Linux installation for beginners in 30 second #cybersecurity #hacking #coder #kalilinux
0:05:11
Your Approach to Hacking is WRONG!!
0:03:27
Cybersecurity Expert Demonstrates How Hackers Easily Gain Access To Sensitive Information
0:00:31
Hacking 🔥 Expectation vs Reality | Coding Status For WhatsApp
12:16:54
Ethical Hacking in 12 Hours - Full Course - Learn to Hack!
0:39:21
The best Hacking Courses & Certs (not all these)? Your roadmap to Pentester success.
0:00:57
Penetration Testing and Website Vulnerabilities Explained Ryan Montgomery #hacking #cybersecurity
2:47:57
Ethical Hacking 101: Web App Penetration Testing - a full course for beginners
0:00:58
5 Books to get into bug bounty and web hacking #infosec #hacking #bugbounty #redteam #hackers
0:00:56
Here are 3 FREE web hacking resources to learn web hacking! #bugbounty #hackers #cybersecurity
0:00:34
Hacking into Android in 32 seconds | HID attack | Metasploit | PIN brute force PoC
2:32:55
Hacking Web Applications (2+ hours of content)
0:01:00
Five resources to learn hacking, pentesting or get started with #cybersecurity!
7:14:30
Ethical Hacking in 15 Hours - 2023 Edition - Learn to Hack! (Part 1)
0:27:01
60 Hacking Commands You NEED to Know
0:20:19
A Day in the Life of an Ethical Hacker / Penetration Tester
Комментарии