| Главная| Трекер ▼| Поиск| Правила| FAQ| |
|
| Автор | Сообщение |
|---|---|
|
Assassins
Модератор 
С нами: 11 лет 4 месяца
Сообщения: 87029 Откуда: Красноярск 
|
Web Application Pentesting
Год выпуска: 2013 Производитель: Pentester Academy Сайт производителя: www.pentesteracademy.com/course?id=5 Продолжительность: 09:57:31 Тип раздаваемого материала: Видеоурок Язык: Английский Описание:Курс от Penstester Academy A non-exhaustive and continuously evolving list of topics to be covered include: HTTP/HTTPS protocol basics Understanding Web Application Architectures Lab setup and tools of the trade Converting your browser into an attack platform Traffic Interception and Modification using Proxies Cross Site Scripting Types Reflected Persistent DOM based Filtering XSS Evading XSS filters Cookie stealing and session hijacking Self-XSS BeeF SQL Injection Error based Blind Second order injections Broken authentication and session management session id analysis custom authentication Security misconfigurations Web and database server Application framework Insecure direct object reference Cross-site Request Forgery GET and POST based JSON based in RESTful Service Token Hijacking via XSS Multi-Step CSRF Insecure cryptographic storage Clickjacking File upload vulnerabilities Bypassing extension, content-type etc. checks RFI and LFI Web to Shell Web Shells PHP meterpreter Analyzing Web 2.0 applications AJAX RIAs using Flash, Flex Attacking Caching servers Memcached Redis Non Relational Database Attacks Appengine Datastore MongoDB, CouchDB etc. HTML5 Attack Vectors Tag abuse and use in XSS Websockets Client side injection Clickjacking Web Application firewalls Fingerprinting Detection Techniques Evading WAFs … more additions will be made as course evolves 1 Course Introduction 2 HTTP Basics 3 Netcat Lab for HTTP 1.1 and 1.0 4 HTTP Methods and Verb Tampering 5 HTTP Method Testing with Nmap and Metasploit 6 HTTP Verb Tampering Demo 7 HTTP Verb Tampering Lab Exercise 8 HTTP Basic Authentication 9 Attacking HTTP Basic Authentication with Nmap and Metasploit 10 HTTP Digest Authentication RFC 2069 11 HTTP Digest Auth Hashing (RFC 2069) 12 HTTP Digest Authentication (RFC 2617) 13 HTTP Statelessness and Cookies 14 HTTP Set-Cookie with HTTPCookie 15 Session ID 16 SSL - Transport Layer Protection 17 SSL MITM using Proxies 18 File Extraction from HTTP Traffic 19 HTML Injection Basics 20 HTML Injection in Tag Parameters 21 HTML Injection using 3rd Party Data Source 22 HTML Injection - Bypass Filters Cgi.Escape 23 Command Injection 24 Command Injection - Filters 25 Web to Shell on the Server 26 Web Shell: PHP Meterpreter 27 Web Shell: Netcat Reverse Connects 28 Web Shell: Using Python, PHP etc. 29 Getting Beyond Alert(XSS) 30 Javascript for Pentesters: Introduction and Hello World 31 XSS: Cross Site Scripting 32 Javascript for Pentesters: Variables 33 Types of XSS 34 Javascript for Pentesters: Operators 35 XSS via Event Handler Attributes 36 Javascript for Pentesters: Conditionals 37 DOM XSS 38 Javascript for Pentesters: Loops 39 Javascript for Pentesters: Functions 40 Javascript for Pentesters: Data Types 41 Javascript for Pentesters: Enumerating Object Properties 42 Javascript for Pentesters: HTML DOM 43 Javascript for Pentesters: Event Handlers 44 Javascript for Pentesters: Cookies 45 Javascript for Pentesters: Stealing Cookies 46 Javascript for Pentesters: Exceptions 47 Javascript for Pentesters: Advanced Forms Manipulation 48 Javascript for Pentesters: XMLHttpRequest Basics 49 Javascript for Pentesters: XHR and HTML Parsing 50 Javascript for Pentesters: XHR and JSON Parsing 51 Javascript for Pentesters: XHR and XML Parsing 52 File Upload Vulnerability Basics 53 Beating Content-Type Check in File Uploads 54 Bypassing Blacklists in File Upload 55 Bypassing Blacklists using PHPx 56 Bypassing Whitelists using Double Extensions in File Uploads 57 Defeating Getimagesize() Checks in File Uploads 58 Null Byte Injection in File Uploads 59 Exploiting File Uploads to get Meterpreter 60 Remote File Inclusion Vulnerability Basics 61 Exploiting RFI with Forced Extensions 62 RFI to Meterpreter 63 LFI Basics 64 LFI with Directory Prepends 65 Remote Code Execution with LFI and File Upload Vulnerability 66 LFI with File Extension Appended - Null Byte Injection 67 Remote Code Execution with LFI and Apache Log Poisoning 68 Remote Code Execution with LFI and SSH Log Poisoning 69 Unvalidated Redirects 70 Encoding Redirect Params 71 Open Redirects: Base64 Encoded Params 72 Open Redirects: Beating Hash Checking 73 Open Redirects: Hashing with Salt 74 Securing Open Redirects 75 Cross Site Request Forgery Basics 76 Cross Site Request Forgery Trigger Tags 77 CSRF Multi-Step Operation Handling 78 Mitigating CSRF with Tokens 79 CSRF and XSS 80 CSRF Token Bypass with Hidden Iframes 81 Insecure Direct Object Reference 82 Insecure Direct Object Reference (Burp Demo) Формат видео: MP4 Видео : AVC, 1280x1024 (5:4), 30.000 fps, ~1 311 Kbps avg, 0.033 bit/pixel Аудио: 44.1 KHz, AAC LC, 2 ch, ~246 KbpsNote: Раздача переработана, причесана. Пожалуйста, перекачайте торрент. Помоги нашему сайту на расходы за сервер и качай торренты НЕОГРАНИЧЕННО!
Или 2204 1201 2214 8816, с комментарием "Помощь трекеру" Связь с администрацией |
|
Страница 1 из 1 |
|
|
