عرفان باقری‌اول

• متوسط
• مسیر قرمز
• ۱۵ درس

دربارۀ این دوره

مخاطبان

• کارشناسان تست نفوذ وب
• برنامه‌نویسان علاقه‌مند به امنیت وب
• کارشناسان مراکز عملیات امنیت سطح ۱ و ۲
• کارشناسان پاسخ به رخداد

پیش‌نیازها

• +Network
• +Security
• HTTP Protocol
• Introduction to Web Security

• Introduction and Overview
  • Introduction and Overview of OWASP
  • Importance of Web Application Security
  • OWASP Top 10 Overview
• Web Fundamentals & Browser Security
  • An Overview of the HTTP Protocol
  • HTTP Requests, Responses and Headers
  • HTTP Methods and Response Codes
  • An Overview of the SSL Protocol
  • An Overview of the DNS Protocol
  • Same-Origin Policy & CORS
• Authentication
  • Identification, Authentication, Authorization
  • Authentication Mechanisms
    • Password-based Authentication
    • Token-based Authentication (Sessions, JWT)
    • Single Sign-On (SSO) with OAuth2 / SAML
    • Passwordless (Magic Links)
  • Application Architectures & Authentication
    • Legacy Web Applications
    • Single Page Applications (SPA)
    • Mobile Applications
    • Microservices and API-driven Apps
• Introduction to JavaScript for Security
  • JavaScript Basics Refresher
  • DOM & Browser Interaction
  • JavaScript for Scanning
  • Exploitation Basics with JavaScript
  • Advanced Security Snippets
• Web Application Reconnaissance
  • Introduction to Reconnaissance
  • Information Gathering – Passive Recon
  • Infrastructure & Network Footprinting
  • Application Mapping
  • Account & Authentication Recon
  • API Reconnaissance
  • Advanced Recon Techniques
  • Automation in Recon
• A01:2021 – Broken Access Control (Common Vulnerabilities)
  • IDOR (Insecure Direct Object Reference)
  • Privilege Escalation (Horizontal & Vertical)
  • Bypassing Access Control Checks
• A02:2021 – Cryptographic Failures (Sensitive Data Exposure)
  • Using Weak or Deprecated Algorithms (MD5, SHA1, DES, RC4)
  • Hardcoded Keys, Passwords, or Secrets
  • Lack of Encryption for Data at Rest
• A03:2021 – Injection
  • SQL Injection (Classic, Union-based, Blind, Time-based) / NoSQL Injection (MongoDB, CouchDB)
  • RCE & OS Command Injection
  • XML Injection (XXE – XML External Entities)
  • XSS & Prototype Pollution
• A04:2021 – Insecure Design
  • Unvalidated Redirects & Forwards
  • Missing or Weak Access Control Flows
  • WebShell Upload
• A05:2021 – Security Misconfiguration
  • Exposed Admin Interfaces
  • Directory Listing Enabled
  • Verbose Error Messages
  • Default Accounts & Credentials
  • Unpatched or Outdated Systems
• A06:2021 – Vulnerable and Outdated Components
  • Outdated Server Software (Apache, Nginx, IIS, Tomcat)
  • Unpatched CMS Platforms (WordPress, Joomla, Drupal with vulnerable plugins/themes)
  • Using Outdated Frameworks (e.g., old versions of Spring, Struts, Laravel, Django)
• A07:2021 – Identification and Authentication Failures
  • Improper JWT Handling
  • Weak Password Recovery Mechanisms
  • Session Fixation & Predictable Session IDs
• A08:2021 – Software and Data Integrity Failures
  • Insecure Deserialization
  • Unsigned or Unverified Software Updates
  • Tampering with Config/Serialized Data
  • Insecure CI/CD Pipelines
• A09:2021 – Security Logging and Monitoring Failures
  • Insufficient Log Detail (missing user, IP, timestamp, event type)
• A10:2021 – Server-Side Request Forgery (SSRF)
  • Bypassing Whitelists (using alternate encodings, DNS rebinding, 127.0.0.1 variations)
  • SSRF via File Uploads (image URL fetchers, PDF generators, etc.)
  • Blind SSRF (no direct response, detect via DNS/logs)
  • SSRF to Exploit Protocols Beyond HTTP (gopher://, ftp://, file://)
  • SSRF Leading to Remote Code Execution (via internal admin panels, Redis, Elastic-search) [Bonus]

گواهینامه‌ی دوره