SEC 542 Course

Course prerequisites

- Familiarity with one of the programming languages (php, aspx, jsp)
- Familiarity with HTML/JavaScript
- The SEC504 course

Course audience

- Those interested in web application penetration testing
- Web application developers
- Web security specialists
- WAF configuration specialists

Course outline
- Overview of the web from a penetration tester's perspective
- Exploring the various servers and clients
- Discussion of the various web architectures
- Discovering how session state works
- Discussion of the different types of vulnerabilities
- WHOIS and DNS reconnaissance
- The HTTP protocol
- WebSocket
- Secure Sockets Layer (SSL) configurations and weaknesses
- Heartbleed exploitation
- Utilizing the Burp Suite in web app penetration testing
- Scanning with Nmap
- Discovering the infrastructure within the application
- Identifying the machines and operating systems
- Exploring virtual hosting and its impact on testing
- Learning methods to identify load balancers
- Software configuration discovery
- Learning tools to spider a website
- Brute forcing unlinked files and directories
- Discovering and exploiting Shellshock
- Web authentication
- Username harvesting and password guessing
- Fuzzing
- Burp Intruder
- Session tracking
- Authentication bypass flaws
- Mutillidae
- Command Injection
- Directory traversal
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- SQL injection
- Blind SQL injection
- Error-based SQL injection
- Exploiting SQL injection
- SQL injection tools
- sqlmap
- XML External Entity (XXE)
- Cross-Site Scripting (XSS)
- Browser Exploitation Framework (BeEF)
- AJAX
- XML and JSON
- Document Object Model (DOM)
- Logic attacks
- API attacks
- Data attacks
- Cross-Site Request Forgery (CSRF)
- Python for web app penetration testing
- WPScan
- w3af
- Metasploit for web penetration testers
- Leveraging attacks to gain access to the system
- How to pivot our attacks through a web application
- Exploiting applications to steal cookies
- Executing commands through web application vulnerabilities
- When tools fail
