آموزش پیشرفته وب هکینگ

آموزش پیشرفته وب هکینگ
دانلود کامل ویدیو های آموزش پیشرفته وب هکینگ
دانلود آموزش ZDResearch – Advanced Web Hacking
ZDResearch – Advanced Web Hacking

امنیت شبکه از جمله بخش های مهم هر سازمانی است. مدیران امنیت شبکه باید از دانش بالایی برخوردار باشند تا بتوانند در مقابل تهدید ها و مشکلات بوجود آمده عکس العمل نشان دهند. دوره آموزش پیشرفته وب هکینگ (ZDResearch – Advanced Web Hacking) از جمله بهترین دوره های آموزش امنیت شبکه برای مدیران شبکه می باشد. این دوره آموزشی ویژه کارشناسان امنیت شبکه و همچنین طراحان وب سایت می باشد که قصد بررسی، تست نفوذ و محک زدن امنیت برنامه های تحت وب را دارند. این دوره آموزشی تمامی تست نفوذ ها را از دید یک هکر بررسی کرده و حفره ها و باگ ها را از دید این هکر در برنامه های تحت وب مورد بررسی قرار می دهد.

در این دوره آموزشی به بررسی پروتکل OWASP، آنالیز و بررسی حملات انجام شده بر HTML5، بررسی و آنالیز Source Code ها، SQL Ingection، هک Web Application Firewall ها و مطالب مفید دیگر می پردازد. امید است با استفاده از این دوره آموزشی پیشرفته آنچه برای محافظت از برنامه های تحت وب خود نیاز دارید، بدست آورید.

لینک های دانلود آموزش پیشرفته وب هکینگ

Download ZDResearch – Advanced Web Hacking
Link : ZDResearch–Advanced-Web-Hacking.part1.rar
Link : ZDResearch–Advanced-Web-Hacking.part2.rar
Link : ZDResearch–Advanced-Web-Hacking.part3.rar
Size : 2.12 GB

ZDResearch – Advanced Web Hacking

This course is tailored for all security researchers, penetration testers and web designers who like to receive in-depth knowledge of web application security from a hacker’s perspective.

This is the flagship web application security course provided by ZDResearch Training. In this course you will go through a multitude of web application security topics, all accompanied by demos and hands-on labs. Topics will cover traditional OWASP Top 10 issues as well as several other cutting-edge topics, such as HTML5 attacks, Source Code Auditing and Analysis, CAPTCHA bypass and many more.

Advanced Web Hacking course is the product of 10+ years of web application vulnerability research performed by ZDResearch hunters. Not only it will go through some of the typical methods and techniques used to attack and exploit (as well as defend) web applications, it will teach you the delicate tricks of the trade in the process. For example, you will learn how to fully exploit a system that only allows SQL injection into the LIMIT BY clause, or how to bypass taint based web application firewalls.

What Is Covered?

Advanced SQL Injection: From writing custom Double-Blind injection scripts to Second Order injections and Order-By injection clauses resulting in full system takeover, Advanced SQL Injection will cover all the necessary skills for mastering SQLI.
Command Injection: With command injection, students will be involved in creating Reverse Shells and Bind Shells which are able to bypass both filetype and filename filters. For completeness, in the ZDResearch Advanced Web Hacking Course other command injection methods are covered as well.

Code Injection: Going beyond the typical eval injection, code injection in “Advanced Web Hacking” covers file inclusions (LFI/RFI) and regular expression injections in addition to other types of code injection attacks.
Object Injection/Deserialization: An attack that is extremely popular these days is thoroughly and painstakingly detailed for the students particularly with respect to various Java applications.
XML XXE/XPath Injections: In this topic, the ZDResearch Advanced Web Hacking course covers injections related to the XML technology. This includes DOM and SAP parsers and XPath/XXE injections.
Reflective/Persistent/DOM XSS: With this skill, students will master all types of XSS. This allows students to have the skills necessary to bypass XSS blacklists and filters. An entirely new universe of different exploits applicable to XSS attacks will be covered as well.

ZDResearch – Advanced Web Hacking

CSRF: Here, students will forge requests to create new administrator accounts, gain complete access to the system, and bypass CSRF tokens in addition to other CSRF exploitation techniques.
HTML5 Attacks: This topic will encourage students to master HTML5-specific attacks from Video/Audio, CORS, CWM, WebSockets, Canvas/SVG, CSP, and Drag & Drop attacks.
Session Management Attacks: This topic will introduce students to session management and it’s potential vulnerabilities. This will allow students to accurately understand how attackers may manipulate sessions via session hijacking, session fixation, randomization attacks, etc.
Web Service Attacks: This skill provides students with the opportunity to master web service technologies including: REST, SOAP, WSDL, JWT, SAX, SSRF, etc. They will understand how each may be exploited to bypass access control, inject code and leak information which, taken together, results in an application being broken into.

Authentication & Authorization: Here, student learning will consist of modern authentication and authorization technologies such as RBAC, oAuth, etc. The topic covers what possible vulnerabilities exist in each of the respective technologies mentioned above. Students will then acquire the skills necessary to exploit these vulnerabilities, bypass CAPTCHAs, gain unauthorized access to systems, and escalate their privileges to root access.
Code Auditing: This will provide students the opportunity to understand how code auditing works, how static and dynamic code analysis technologies operate, what SMT and SAT solvers are, what their possible limitations are, how they can be bypassed, and how they can be used to discover new zeroday vulnerabilities within the context of web applications.
Other Attacks: Here, students will learn about bypassing WAFs. Attacks such as Open Redirect attacks, Denial of Service attacks, HTTP manipulation attacks, and human API attacks will also be covered in-depth in this chapter.

Source: zdresearch.com