Web Hacking / Web Security Course Content
Part I: Reconnaissance
Lesson 1: Introduction to Web Application Security
* Why Build Secure Web Applications?
* Attackers: Who, Why, When and How to attack?
Lesson 2: The Web Application Architecture
* About HTML
* Transport: HTTP
* The Web Client
* The Web Server
* The Web Application
* The Database
* Complications and Intermediaries
* Web Services
Lesson 3: The Methodology of Web Hacking
* Attack the Web Server
* Attack the Authentication Mechanism
* Attack the Authorization Schemes
* Perform a Functional Analysis
* Exploit the Data Connectivity
* Attack the Management Interfaces
* Social Engineering
* Launch a Denial of Service Attack
Lesson 4: Hacking Web Servers
* Common Vulnerabilities by Platform
o Apache
o Microsoft Internet Information Server (IIS)
o Attacks Against IIS Components
o Escalating Privileges on IIS
* Automated Vulnerability Scanning Software
* Denial of Service Against Web Servers
Part II: The Attack
Lesson 5: Authentication
* Authentication Mechanisms
o HTTP Authentication: Basic and Digest
o Forms-Based Authentication
o Microsoft Passport
* Attacking Web Authentication
o Password Guessing
o Session ID Prediction and Brute Forcing
o Subverting Cookies
o Bypassing SQL-Backed Login Forms
* Bypassing Authentication
Lesson 6: Authorization
* Query String
* Post Data
* Hidden Tags
* URI
* HTTP Headers
* Cookies
Lesson 7: Attacking Session State Management
* Client-Side Techniques
o Hidden Fields
o The URL
o HTTP Headers and Cookies
* Server-Side Techniques
o Server-Generated Session IDs
o Session Database
Lesson 8: Input Validation Attacks
* User Input
* Types of User Input Attacks
* Performing Validation
* Revealing as Little Information as Possible to the User
* Verifying User Input
Lesson 9: Attacking Web Databases
* A SQL Primer
* SQL Injection
Lesson 10: Hacking Web Application Management
* Web Server Administration
o Telnet
o SSH
o Proprietary Management Ports
o Other Administration Services
* Web Content Management
o FTP
o SSH/SCP
o FrontPage
o WebDAV
Lesson 11: Web Client Hacking
* The Problem of Client-Side Security
* Active Content Attacks
* Cross-Site Scripting
* Cookie Hijacking
Lesson 12: Other Hacking
* Social Engineering Attacks
* Denial of Service Attacks
The above is the curriculum of the web security and web hacking training course at the vnlamp school.

AdminPhuong