دانلود دوره Web App Pentesting

دانلود دوره Web App Pentesting

دوره Web App Pentesting یک دوره از Pentester Academy می باشد که توسط مدرس معتبر و معروف Vivek Ramachandran می باشد.

این دوره با تمرکز بر آموزش تکنیک های تست نفوذ برنامه های وب، دانشجو را آماده انجام آزمون های تست نفوذ در دنیای واقعی می کند.

سرفصل های این دوره آموزشی عبارتند از :

• Javascript for Pentesters: HTML DOM
• Javascript for Pentesters: Event Handlers
• Javascript for Pentesters: Cookies
• Javascript for Pentesters: Stealing Cookies
• Javascript for Pentesters: Exceptions
• Javascript for Pentesters: Advanced Forms Manipulation
• Javascript for Pentesters: XMLHttpRequest Basics
• Javascript for Pentesters: XHR and HTML Parsing
• Javascript for Pentesters: XHR and JSON Parsing
• Javascript for Pentesters: XHR and XML Parsing
• File Upload Vulnerability Basics
• Beating Content-Type Check in File Uploads
• Bypassing Blacklists in File Upload
• Bypassing Blacklists using PHPx
• Bypassing Whitelists using Double Extensions in File Uploads
• Defeating Getimagesize() Checks in File Uploads
• Null Byte Injection in File Uploads
• Exploiting File Uploads to get Meterpreter
• Remote File Inclusion Vulnerability Basics
• Exploiting RFI with Forced Extensions
• RFI to Meterpreter
• LFI Basics
• LFI with Directory Prepends
• Remote Code Execution with LFI and File Upload Vulnerability
• LFI with File Extension Appended – Null Byte Injection
• Remote Code Execution with LFI and Apache Log Poisoning
• Remote Code Execution with LFI and SSH Log Poisoning
• Unvalidated Redirects
• Encoding Redirect Params
• Open Redirects: Base64 Encoded Params
• Open Redirects: Beating Hash Checking
• Open Redirects: Hashing with Salt
• Securing Open Redirects
• Cross Site Request Forgery Basics
• Cross Site Request Forgery Trigger Tags
• CSRF Multi-Step Operation Handling
• Mitigating CSRF with Tokens
• CSRF and XSS
• CSRF Token Bypass with Hidden Iframes
• Insecure Direct Object Reference
• Insecure Direct Object Reference (Burp Demo)

• Course Introduction
• HTTP Basics
• Netcat Lab for HTTP 1.1 and 1.0
• HTTP Methods and Verb Tampering
• HTTP Method Testing with Nmap and Metasploit
• HTTP Verb Tampering Demo
• HTTP Verb Tampering Lab Exercise
• HTTP Basic Authentication
• Attacking HTTP Basic Authentication with Nmap and Metasploit
• HTTP Digest Authentication RFC 2069
• HTTP Digest Auth Hashing (RFC 2069)
• HTTP Digest Authentication (RFC 2617)
• HTTP Statelessness and Cookies
• HTTP Set-Cookie with HTTPCookie
• Session ID
• SSL – Transport Layer Protection
• SSL MITM using Proxies
• File Extraction from HTTP Traffic
• HTML Injection Basics
• HTML Injection in Tag Parameters
• HTML Injection using 3rd Party Data Source
• HTML Injection – Bypass Filters Cgi.Escape
• Command Injection
• Command Injection – Filters
• Web to Shell on the Server
• Web Shell: PHP Meterpreter
• Web Shell: Netcat Reverse Connects
• Web Shell: Using Python, PHP etc.
• Getting Beyond Alert(XSS)
• Javascript for Pentesters: Introduction and Hello World
• XSS: Cross Site Scripting
• Javascript for Pentesters: Variables
• Types of XSS
• Javascript for Pentesters: Operators
• XSS via Event Handler Attributes
• Javascript for Pentesters: Conditionals
• DOM XSS
• Javascript for Pentesters: Loops
• Javascript for Pentesters: Functions
• Javascript for Pentesters: Data Types
• Javascript for Pentesters: Enumerating Object Properties

پسورد فایل فشرده : liansec.net

علاقمند به حوزه امنیت اطلاعات و آشنا به حوزه تست نفوذ
  • facebook
  • twitter
  • googleplus
  • linkedIn
  • flickr

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد.