Chia Sẽ Kinh Nghiệm Về IT



Tìm Kiếm Với Google
-


Gởi Ðề Tài Mới  Gửi trả lời
 
Công Cụ Xếp Bài
Tuổi 29-07-2009, 10:33 PM   #1
hoctinhoc
Guest
 
Trả Lời: n/a
Nội dung chương trình Web Hacking / Web Security
Nội dung chương trình Web Hacking / Web Security



Part I: Reconnaissance

Lesson 1: Introduction Web Application Security

* Why Build Secure Web Applications?
* Attackers: Who, Why, When and How to attack?

Lesson 2: The Web Application Architecture

* About HTML
* Transport: HTTP
* The Web Client
* The Web Server
* The Web Application
* The Database
* Complications and Intermediaries
* Web Services

Lesson 3: The Methodology of Web Hacking

* Attack Web Server
* Attack the Authentication Mechanism
* Attack the Authorization Schemes
* Perform a Functional Analysis
* Exploit the Data Connectivity
* Attack the Management Interfaces
* Social Engineering
* Launch a Denial of Service Attack

Lesson 4: Hacking Web Servers

* Common Vulnerabilities by Platform
o Apache
o Microsoft Internet Information Server (IIS)
o Attack Again IIS Components
o Escalating Privileges on IIS
* Automated Vulnerability Scanning Software
* Denial of Service Against Web Servers

Part II: The Attack

Lesson 5: Authentication

* Authentication Mechanisms
o HTTP Authentication: Basic and Digest
o Forms-Based Authentication
o Microsoft Passport
* Attacking Web Authentication
o Password Guessing
o Session IT Prediction and Brute Forcing
o Subverting Cookies
o Bypassing SQL-Backed Login Forms
* Bypassing Authentication

Lesson 6: Authorization

* Query String
* Post Data
* Hidden Tags
* URI
* HTTP Headers
* Cookies

Lesson 7: Attacking Session State Management

* Client-Side Techniques
o Hidden Fields
o The URL
o HTTP Headers and Cookies
* Server-Side Techniques
o Server-Generated Session IDs
o Session Database

Lesson 8: Input Validation Attacks

* User Input
* Types of User Input Attacks
* Performing Validation
* Revealing as Little Information as Possible to the User
* Verifying User Input

Lesson 9: Attacking Web Database

* A SQL Primer
* SQL Injection

Lesson 10: Hacking Web Application Management

* Web Server Administration
o Telnet
o SSH
o Proprietary Management Ports
o Other Administration Services
* Web Content Management
o FTP
o SSH/SCP
o Pront Page
o WebDAV

Lesson 11: Web Client Hacking

* The Problem of Client-Side Security
* Active Content Attacks
* Cross-Site Scripting
* Cookie Hijacking

Lesson 12: Other Hacking

* Social Engineering Attacks
* Denial of Services Attacks

Trên là nội dung chương trình khóa đào tạo web security va web hacking của trường vnlamp

AdminPhuong
  Trả lời ngay kèm theo trích dẫn này
Gửi trả lời


Công Cụ
Xếp Bài

Quyền Hạn Của Bạn
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is Mở
Hình Cảm xúc đang Mở
[IMG] đang Mở
Mã HTML đang Tắt




Bây giờ là 03:20 AM. Giờ GMT +7



Diễn đàn tin học QuantriNet
quantrinet.com | quantrimang.co.cc
Founded by Trương Văn Phương | Developed by QuantriNet's members.
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.