Web Security – Vulnerability Analysis

28 hours
2,750.00€

Course Overview

Training objective: This course covers the analysis and understanding of the various components of web applications, in order to explore web-oriented vulnerabilities and attacks.

Curriculum

  • Web Application Assessment Concepts

    • Penetration Testing

    • Application Penetration Testing

    • Risk Assessment and Management

    • OWASP Testing Guide

    • Web Application Security Consortium Threat Classification

    • Penetration Testing Execution Standard

    • Pre-Engagement Interactions

    • Intelligence Gathering

    • Threat Modelling

    • Vulnerability Analysis

    • Exploitation

    • Post Exploitation

    • Reporting

    • OWASP Zed Attack Proxy (ZAP)

    • BurpSuite

    • Browser Exploitation Framework (BeEF)

    • Other Tools

  • Web Application Reconnaissance

    • Reconnaissance – WHOIS

    • Reconnaissance – Domain Name System (DNS)

    • Reconnaissance – Virtual Host (vHost) Discovery

    • Open-Source Intelligence (OSINT) – Definitions

    • Open-Source Intelligence (OSINT) – Frameworks & Tools

    • Protocols – Hypertext Transfer Protocol (HTTP)

    • Protocols – Hypertext Transfer Protocol (HTTP) – Cookies

    • Protocols – Hypertext Transfer Protocol (HTTP) – Headers

    • Protocols – Hypertext Transfer Protocol (HTTP) – Request Methods

    • Protocols – Hypertext Transfer Protocol (HTTP) – Status Codes

    • Protocols – Hypertext Transfer Protocol (HTTP) – 1.0, 1.1, 2.0 & 3.0

    • Protocols – Hypertext Transfer Protocol (HTTP) – Cross-Origin Resource Sharing (CORS)

    • Protocols – Hypertext Transfer Protocol (HTTP) – Content Security Policy

    • Protocols – Secure Sockets Layer (SSL)

    • Protocols – Secure Sockets Layer (SSL) – Configuration

    • Protocols – Secure Sockets Layer (SSL) – Weaknesses

    • Interception Proxies – Definitions & Types

    • Interception Proxies – Fiddler

    • Interception Proxies – BurpSuite Proxy

    • Interception Proxies – OWASP Zed Attack Proxy (ZAP) Proxy

    • SSL Proxying – Definition

    • SSL Proxying – Through BurpSuite Pro

    • SSL Proxying – Through OWASP Zed Attack Proxy (ZAP)

  • Content Discovery, Authentication and Session Testing

    • Content Discovery – Logging and Monitoring

    • Content Discovery – Website Spidering

    • Content Discovery – Content Analysis

    • Authentication – Web Authentication Mechanisms – Cookie-Based Authentication

    • Authentication – Web Authentication Mechanisms – Token-Based Authentication

    • Authentication – Web Authentication Mechanisms – Third Party Access (OAuth, API Token)

    • Authentication – Web Authentication Mechanisms – OpenID

    • Authentication – Web Authentication Mechanisms – SAML

    • Authentication – Username Harvesting

    • Authentication – Password Guessing

    • Authentication – Authentication and Authorisation Bypass

    • Session Testing – Brute Forcing Unlinked Files

    • Session Testing – Brute Forcing Directories

    • Session Testing – Burp Sequencer

    • Tools – Fuzzing with ZAP

    • Tools – Fuzzing with ffuf

    • Tools – Fuzzing with Burp Intruder

    • Sessions – Session Management

    • Sessions – Session Attacks

    • Training Platforms – Mutillidae

  • Injection, Inclusion, and XML External Entity (XXE)

    • Traversal Attacks – Directory Traversal

    • File Inclusion Attacks – Local File Inclusion (LFI)

    • File Inclusion Attacks – Remote File Inclusion (RFI)

    • SQL Attacks – SQL Injection

    • SQL Attacks – Blind SQL Injection

    • SQL Attacks – Error-Based SQL Injection

    • SQL Attacks – Exploiting SQL injection

    • SQL Attacks – Tools – sqlmap

    • Injection Attacks – Command Injection

    • Injection Attacks – Insecure Deserialisation

    • Injection Attacks – XML External Entity (XXE)

  • XML External Entity (XXE) Deep Dive

    • Client-Side Attacks – Cross-Site Scripting (XSS)

    • Tools – Browser Exploitation Framework (BeEF)

    • Techniques – Asynchronous JavaScript and XML (AJAX)

    • Languages – Extensible Markup Language (XML)

    • Languages – JavaScript Object Notation (JSON)

    • Models – Document Object Model (DOM)

    • Attacks – Application Programming Interface (API)

    • Attacks – Application Programming Interface (API) – Authentication Hijacking

    • Attacks – Application Programming Interface (API) – Data Exposure

    • Attacks – Application Programming Interface (API) – Parameter Tampering

    • Attacks – Application Programming Interface (API) – Unencrypted Communications

    • Principles – Representational State Transfer (REST)

    • Protocols – Simple Object Access Protocol (SOAP)

  • Request Forgery, Logic Flaws and Advanced Tools

    • Web Attacks – Cross-Site Request Forgery (CSRF)

    • Web Attacks – Server-Side Request Forgery (SSRF)

    • Web Attacks – Application Logic Attacks

    • Programming – Python for Web Application Penetration Testing

    • Tools – WPScan

    • Tools – ExploitDB

    • Tools – BurpSuite Pro Scanner

    • Tools – Metasploit

    • Business of Penetration Testing – Preparation

    • Business of Penetration Testing – Post Assessment and Reporting

Instructor


bprigent

453 Courses
