SANS SEC642 Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques

موضوع اصلی دوره SANS SEC642 تست نفوذ پیشرفته وب اپلیکیشن، هک قانونمند و تکنیک‌های اکسپلویت می‌باشد. دوره امنیتی SANS SEC642 به‌گونه‌ای طراحی شده که طی آن، تمام آموزش‌های لازم در رابطه با تکنیک‌های تست وب اپلیکیشن‌های مدرن و تکنولوژی‌های نسل جدید به شما داده خواهد شد. در این دوره که ترکیبی از آموزش‌های تئوری، مثال‌های واقعی و تمرینات عملی است، تمام مهارت‌های لازم برای تست امنیت فناوری‌های تحت وب را فراخواهید گرفت. فریم‌ورک‌های تحت وب از دیگر مباحثی هستند که در این دوره به آن‌ها پرداخته خواهد شد. علاوه‌بر آن‌ها، در طی این دوره با رمزگذاری آشنا می‌شوید، پروتکل‌های جدید از جمله HTTP/2 و WebSockets را مورد بررسی قرار می‌دهید و نحوه شناسایی و دور زدن فایروال برنامه‌های تحت وب را فرا خواهید گرفت.

خلاصه مباحثی که در طول این دوره SANS SEC642 یاد می‌گیرید به شرح زیر است:

  • نحوه شناسایی و اکسپلویت آسیب‌پذیری‌های موجود در فریم‌ورک‌های مدرن
  • مهارت‌های لازم برای تست و اکسپلویت یک فن‌آوری خاص مانند HTTP/2، Web Sockets و Node.js
  • نحوه ارزیابی و کشف آسیب‌پذیری‌ها در وب اپلیکیشن‌های مدرن با استفاده از رمزنگاری
  • مهارت‌های لازم برای تست و ارزیابی backend موبایل و وب سرویس‌های استفاده شده در یک شرکت
  • روش‌ها و تکنیک‌های لازم برای دور زدن فایروال فریم‌ورک و وب اپلیکیشن

لینک دانلود دوره آموزشی SANS SEC642 Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques


حجم: 2 گیگابایت

دانلود – eBooks PDF
دانلود – Video – بخش اول
دانلود – Video – بخش دوم
دانلود – Video – بخش سوم

Date: 2019
Price: $6,525 USD
Publisher: SANS
By: Sarah Edwards
Format: eBook PDF + Video

What You Will Learn

Can Your Web Applications Withstand the Onslaught of Modern Advanced Attack Techniques?
Modern web applications are growing more sophisticated and complex as they use exciting new technologies and support ever-more critical operations. Long gone are the days of basic HTML requests and responses. The complexity of HTTP and modern web applications is progressing at breathtaking speed. With the demands of highly available web clusters and cloud deployments, web applications are looking to deliver more functionality in smaller packets at a decreased strain on backend infrastructure. Welcome to an era that includes tricked-out cryptography, WebSockets, HTTP/2, and a whole lot more. Are your web application assessment and penetration testing skills ready to evaluate these impressive new technologies and make them more secure?
Are You Ready to Put Your Web Applications to the Test with Cutting-Edge Skills?
This pen testing course is designed to teach you the advanced skills and techniques required to test modern web applications and next-generation technologies. The course uses a combination of lectures, real-world experiences, and hands-on exercises to teach you the techniques to test the security of tried-and-true internal enterprise web technologies, as well as cutting-edge Internet-facing applications. The final course day culminates in a Capture-the-Flag competition where you will apply the knowledge you acquired during the previous five course sections in a fun environment based on real-world technologies.
Hands-on Learning of Advanced Web Application Exploitation Skills
We begin by exploring advanced techniques and attacks to which all modern-day complex applications may be vulnerable. We’ll learn about new web frameworks and web backends, then explore encryption as it relates to web applications, digging deep into practical cryptography used by the web, including techniques to identify the type of encryption in use within the application and methods for exploiting or abusing it. We’ll then look at alternative front ends to web applications and web services such as mobile applications, and examine new protocols such as HTTP/2 and WebSockets. The last section of the course, before the Capture-the-Flag competition, will focus on how to identify and bypass web application firewalls, filtering, and other protection techniques.
You Will Learn

  • How to discover and exploit vulnerabilities in modern web frameworks, technologies, and backends
  • Skills to test and exploit specific technologies such as HTTP/2, Web Sockets, and Node.js
  • How to evaluate and find vulnerabilities in the many uses of encryption within modern web applications
  • Skills to test and evaluate mobile backends and web services used in an enterprise
  • Methods to recognize and bypass custom developer, web framework, and Web Application Firewall defenses

You Will Be Able To

  • Perform advanced Local File Include (LFI)/Remote File Include (RFI), Blind SQL injection (SQLi), and Cross-Site Scripting (XSS) combined with Cross-Site Request Forger (XSRF) discovery and exploitation
  • Exploit advanced vulnerabilities common to most backend language like Mass Assignments, Type Juggling, and Object Serialization
  • Perform JavaScript-based injection against ExpressJS, Node.js, and NoSQL
  • Understand the special testing methods for content management systems such as SharePoint and WordPress
  • Identify and exploit encryption implementations within web applications and frameworks
  • Discover XML Entity and XPath vulnerabilities in SOAP or REST web services and other datastores
  • Use tools and techniques to work with and exploit HTTP/2 and Web Sockets
  • Identify and bypass Web Application Firewalls and application filtering techniques to exploit the system

آدرس ایمیل شما منتشر نخواهد شد.