Quản trị net: a forum for sharing networking and Internet tips and information security knowledge for the Vietnamese IT community, hoping to be a useful place for the community


hoctinhoc 29-07-2009 10:33 PM

Web Hacking / Web Security course content
 



Part I: Reconnaissance

Lesson 1: Introduction Web Application Security

* Why Build Secure Web Applications?
* Attackers: Who, Why, When and How to attack?

Lesson 2: The Web Application Architecture

* About HTML
* Transport: HTTP
* The Web Client
* The Web Server
* The Web Application
* The Database
* Complications and Intermediaries
* Web Services

Lesson 3: The Methodology of Web Hacking

* Attack Web Server
* Attack the Authentication Mechanism
* Attack the Authorization Schemes
* Perform a Functional Analysis
* Exploit the Data Connectivity
* Attack the Management Interfaces
* Social Engineering
* Launch a Denial of Service Attack

Lesson 4: Hacking Web Servers

* Common Vulnerabilities by Platform
o Apache
o Microsoft Internet Information Server (IIS)
o Attacks Against IIS Components
o Escalating Privileges on IIS
* Automated Vulnerability Scanning Software
* Denial of Service Against Web Servers

Part II: The Attack

Lesson 5: Authentication

* Authentication Mechanisms
o HTTP Authentication: Basic and Digest
o Forms-Based Authentication
o Microsoft Passport
* Attacking Web Authentication
o Password Guessing
o Session ID Prediction and Brute Forcing
o Subverting Cookies
o Bypassing SQL-Backed Login Forms
* Bypassing Authentication

Lesson 6: Authorization

* Query String
* Post Data
* Hidden Tags
* URI
* HTTP Headers
* Cookies

Lesson 7: Attacking Session State Management

* Client-Side Techniques
o Hidden Fields
o The URL
o HTTP Headers and Cookies
* Server-Side Techniques
o Server-Generated Session IDs
o Session Database

Lesson 8: Input Validation Attacks

* User Input
* Types of User Input Attacks
* Performing Validation
* Revealing as Little Information as Possible to the User
* Verifying User Input

Lesson 9: Attacking Web Database

* A SQL Primer
* SQL Injection

Lesson 10: Hacking Web Application Management

* Web Server Administration
o Telnet
o SSH
o Proprietary Management Ports
o Other Administration Services
* Web Content Management
o FTP
o SSH/SCP
o FrontPage
o WebDAV

Lesson 11: Web Client Hacking

* The Problem of Client-Side Security
* Active Content Attacks
* Cross-Site Scripting
* Cookie Hijacking

Lesson 12: Other Hacking

* Social Engineering Attacks
* Denial of Service Attacks

The above is the content of the web security and web hacking training course at the vnlamp school.

AdminPhuong

