[Pentester Academy] Web Application Pentesting [2013, ENG]

Torrent: 20 seeders, 7 leechers, size 4.92 GB

Post by Солнышко » 26 Feb 2017, 15:52

Web Application Pentesting

Year of release: 2013
Producer: Pentester Academy
Producer's website: www.pentesteracademy.com/course?id=5
Duration: 09:57:31
Type of material: Video tutorial
Language: English
Description: A course from Pentester Academy
A non-exhaustive and continuously evolving list of topics to be covered include:
  • HTTP/HTTPS protocol basics
  • Understanding Web Application Architectures
  • Lab setup and tools of the trade
  • Converting your browser into an attack platform
  • Traffic Interception and Modification using Proxies
  • Cross Site Scripting
  • DOM based
  • Filtering XSS
  • Evading XSS filters
  • Cookie stealing and session hijacking
  • SQL Injection
  • Error based
  • Second order injections
  • Broken authentication and session management
  • session id analysis
  • custom authentication
  • Security misconfigurations
  • Web and database server
  • Application framework
  • Insecure direct object reference
  • Cross-site Request Forgery
  • GET and POST based
  • JSON based in RESTful Service
  • Token Hijacking via XSS
  • Multi-Step CSRF
  • Insecure cryptographic storage
  • File upload vulnerabilities
  • Bypassing extension, content-type etc. checks
  • RFI and LFI
  • Web to Shell
  • Web Shells
  • PHP meterpreter
  • Analyzing Web 2.0 applications
  • RIAs using Flash, Flex
  • Attacking Caching servers
  • Non Relational Database Attacks
  • Appengine Datastore
  • MongoDB, CouchDB etc.
  • HTML5 Attack Vectors
  • Tag abuse and use in XSS
  • Client side injection
  • Web Application firewalls
  • Detection Techniques
  • Evading WAFs
  • … more additions will be made as course evolves

1 Course Introduction
2 HTTP Basics
3 Netcat Lab for HTTP 1.1 and 1.0
4 HTTP Methods and Verb Tampering
5 HTTP Method Testing with Nmap and Metasploit
6 HTTP Verb Tampering Demo
7 HTTP Verb Tampering Lab Exercise
8 HTTP Basic Authentication
9 Attacking HTTP Basic Authentication with Nmap and Metasploit
10 HTTP Digest Authentication RFC 2069
11 HTTP Digest Auth Hashing (RFC 2069)
12 HTTP Digest Authentication (RFC 2617)
13 HTTP Statelessness and Cookies
14 HTTP Set-Cookie with HTTPCookie
15 Session ID
16 SSL - Transport Layer Protection
17 SSL MITM using Proxies
18 File Extraction from HTTP Traffic
19 HTML Injection Basics
20 HTML Injection in Tag Parameters
21 HTML Injection using 3rd Party Data Source
22 HTML Injection - Bypass Filters Cgi.Escape
23 Command Injection
24 Command Injection - Filters
25 Web to Shell on the Server
26 Web Shell: PHP Meterpreter
27 Web Shell: Netcat Reverse Connects
28 Web Shell: Using Python, PHP etc.
29 Getting Beyond Alert(XSS)
30 Javascript for Pentesters: Introduction and Hello World
31 XSS: Cross Site Scripting
32 Javascript for Pentesters: Variables
33 Types of XSS
34 Javascript for Pentesters: Operators
35 XSS via Event Handler Attributes
36 Javascript for Pentesters: Conditionals
38 Javascript for Pentesters: Loops
39 Javascript for Pentesters: Functions
40 Javascript for Pentesters: Data Types
41 Javascript for Pentesters: Enumerating Object Properties
42 Javascript for Pentesters: HTML DOM
43 Javascript for Pentesters: Event Handlers
44 Javascript for Pentesters: Cookies
45 Javascript for Pentesters: Stealing Cookies
46 Javascript for Pentesters: Exceptions
47 Javascript for Pentesters: Advanced Forms Manipulation
48 Javascript for Pentesters: XMLHttpRequest Basics
49 Javascript for Pentesters: XHR and HTML Parsing
50 Javascript for Pentesters: XHR and JSON Parsing
51 Javascript for Pentesters: XHR and XML Parsing
52 File Upload Vulnerability Basics
53 Beating Content-Type Check in File Uploads
54 Bypassing Blacklists in File Upload
55 Bypassing Blacklists using PHPx
56 Bypassing Whitelists using Double Extensions in File Uploads
57 Defeating Getimagesize() Checks in File Uploads
58 Null Byte Injection in File Uploads
59 Exploiting File Uploads to get Meterpreter
60 Remote File Inclusion Vulnerability Basics
61 Exploiting RFI with Forced Extensions
62 RFI to Meterpreter
63 LFI Basics
64 LFI with Directory Prepends
65 Remote Code Execution with LFI and File Upload Vulnerability
66 LFI with File Extension Appended - Null Byte Injection
67 Remote Code Execution with LFI and Apache Log Poisoning
68 Remote Code Execution with LFI and SSH Log Poisoning
69 Unvalidated Redirects
70 Encoding Redirect Params
71 Open Redirects: Base64 Encoded Params
72 Open Redirects: Beating Hash Checking
73 Open Redirects: Hashing with Salt
74 Securing Open Redirects
75 Cross Site Request Forgery Basics
76 Cross Site Request Forgery Trigger Tags
77 CSRF Multi-Step Operation Handling
78 Mitigating CSRF with Tokens
79 CSRF and XSS
80 CSRF Token Bypass with Hidden Iframes
81 Insecure Direct Object Reference
82 Insecure Direct Object Reference (Burp Demo)
Example files: none
Video format: MP4
Video: AVC, 1280x1024 (5:4), 30.000 fps, ~1 311 Kbps avg, 0.033 bit/pixel
Audio: 44.1 KHz, AAC LC, 2 ch, ~246 Kbps

Note: The release has been reworked and tidied up.
Please re-download the torrent.