Nuclei is a fast, template-based vulnerability scanner focusing on extensive configurability, massive extensibility and ease of use. It offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket and Headless. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.
We’ll begin this course with a broad overview of what Nuclei is, how it compares to other tools, and how it addresses some common issues. You’ll learn how to operate Nuclei and create workflows that give an accurate picture of whether a vulnerability is present. You’ll also understand the Nuclei workflow for DevSecOps. Finally, you will work on some use cases in which you create your own vulnerability suites.
We employ story-driven learning because this course is specifically meant to help you understand how these processes function in real-world development scenarios. Our content is founded on years of security testing expertise, know-how, and original research from our entire team. By the end of the course, you'll be able to immediately use what you've learned in a contemporary product engineering context.
Security Misconfiguration & Sensitive Information
Insecure Direct Object Reference (IDOR)
Client Side Vulnerabilities
Server Side Vulnerabilities
Parser and Serialization Based Vulnerabilities
DAST & Nuclei
Anatomy of a Nuclei Template