Tag archive: security

Syllabus of 7Safe's web application security / secure coding training course

From: 7Safe

1. Introduction to Web Applications
* Authentication
* Authorization
* Cookies
* HTTP protocol
* Overview of Google hacking

2. Attacking Authentication
* Types of authentication
* Clear-text HTTP protocol
* Username enumeration
* Security through obscurity

3. Web Server Issues
* IIS/Apache exploits and introduction to hacking tools such as Metasploit
* Insecure HTTP methods

4. Cross Site Scripting
* Types of XSS
* Secure and HttpOnly cookie flags
* Complicated XSS

5. Cross Site Request Forgery
* Demo
* Complicated XSRF with POST requests
* XSRF in web services

6. Session Fixation

7. CRLF Injection
* Proxy poisoning, XSS via CRLF injection

8. Clickjacking

9. SQL Injection (basic to advanced)
* Introduction to SQL injection
* Authentication bypass
* Extracting data
* OS command execution
* Overview of advanced SQL injection

10. Malicious File Uploads

11. Vulnerable Flash Applications

12. Parameter Manipulation Attacks

13. Business Logic Bypass
* Authentication bypass
* Other logical flaws

14. SSL Misconfigurations
* SSL and man-in-the-middle attacks
* Screenshots

15. Security Problems with Thick-Client Applications