Web Hacking Expert


- Expert
- Red path
- 9 lessons
About this course
Who is this course recommended for?
- Security assessment and penetration testing specialists
- Cybersecurity specialists in organizations and companies
- Specialists active in Bug Bounty
What knowledge do I need to attend this course?
- Proficiency in common web vulnerabilities
- Intermediate familiarity with the JavaScript language
- At least one year of work experience in web penetration testing
Course syllabus
- NodeJS Applications
- NodeJS Architecture
- NodeJS Built-In Modules
- Server-Side JavaScript Injection
- Stand-Alone Functions
- child_process Dependent Functions
- File System Access
- Prototype Pollution Attacks
- Prototypes & Global Object
- Prototype Pollution Cases
- Fuzzing for Prototype Pollution Vulnerabilities
- Dependency Confusion Attacks
- DOM-Based Vulnerabilities
- DOM XSS
- postMessage & Window Objects
- postMessage Attack Scenarios
- From postMessage to DOM-Based XSS
- From postMessage to Information Disclosure
- postMessage + CSRF
- Client-Side Race Condition
- Hunting for postMessage Vulnerabilities
- Detecting postMessage Interfaces
- postMessage Tracker
- DOM Invader
- Understanding JSONP
- Insecure JSONP Call
- DOM Clobbering
- HTML Attributes & Window Scope
- DOMPurify
- DOM Clobbering to XSS
- HTMLCollection Interface
- Multi-Level DOM Clobbering
- Template Injection
- Client-Side Rendering vs Server-Side Rendering
- Template Engines
- Template Engine Language
- NodeJS Template Engines
- Java Template Engines
- PHP Template Engines
- Ruby on Rails Template Engines
- Attack Surface Analysis for Template Injection
- Client-Side vs Server-Side Template Injection
- Automated Testing for Template Injection
- XXE Injection
- XML Parsers
- XML Entities & DTD
- Entity Types
- General Entities
- Parameter Entities
- Predefined Entities
- External & Internal Entities
- XXE Injection Attack Scenarios
- Out-of-Band XXE Injection
- Automated Testing for XXE Injection
- NOSQL
- Introduction to NOSQL Databases
- MongoDB
- CRUD Operations
- Comparison & Logical Operators
- Attack Surface Analysis for NOSQL Injection
- NOSQL Injection Scopes
- Automated Testing for NOSQL Injection
- Insecure Deserialization
- Object Serialization vs Deserialization
- Serialization Formats
- Attack Surface Analysis for Insecure Deserialization
- Exploiting Insecure Deserialization
- Caching System Attacks
- Caching Mechanism
- Deep Dive into Caching Headers
- Web Cache Deception Attack
- Attack Surface Analysis for Web Cache Deception
- Exploiting Web Deception Attack
- Automated Testing for Web Cache Deception
- Web Cache Poisoning Attack
- Attack Surface Analysis for Cache Poisoning
- Automated Testing for Web Cache Poisoning Attacks
- HTTP Request Smuggling
- HTTP Connection Models
- HTTP Request Smuggling
- Attack Surface Analysis for HTTP Request Smuggling
- HTTP Request Smuggling Attack Scenarios
- Automated Testing for HTTP Request Smuggling
- Logical Vulnerabilities
Course certificate
