
Security Testing OWASP TOP 10

The IT industry's growing focus on the cyber-security of the products it builds is exponentially increasing demand for specialists who understand which defenses can be applied against attacks by malicious actors. In this 18-hour video course you will learn about the top 10 web vulnerabilities defined by OWASP. You will not only study them in theory but also work with each vulnerability hands-on, using tools that make finding these holes easier. I look forward to seeing you on my course...

Tools that will be used in the training:

Sqlmap, Burp Suite, OWASP ZAP, Metasploit, Nmap, Ettercap, Social engineering toolkit, BeEF, Rainbowcrack, Slowloris

 

1) Introduction into Security Testing:

- History of security.

- Hacker attacks.

- Security testing in SDLC.

- Tools for Security testing.

- OWASP TOP 10 - Brief introduction.

 

2) A1:Injection:

- What an “Injection” attack is.

- Examples of attacks.

- Causes of “Injection” vulnerability.

- Tools for finding SQL injection.

- Demo and Practice: finding SQL injection.

- Protection Recommendations.

 

3) A2:Broken Authentication:

- What “Broken Authentication” is.

- Examples of attacks.

- Causes of “Broken Authentication” vulnerability.

- Tools for finding “Broken Authentication”.

- Demo and Practice: finding “Broken Authentication”.

- Protection Recommendations.

 

4) A3:Sensitive Data Exposure:

- What “Sensitive Data Exposure” is.

- Examples of attacks.

- Causes of “Sensitive Data Exposure” vulnerability.

- Tools for finding “Sensitive Data Exposure”.

- Demo and Practice: finding “Sensitive Data Exposure”.

- Protection Recommendations.

 

5) A4:XML External Entities (XXE):

- What “XML External Entities (XXE)” is.

- Examples of attacks.

- Causes of “XML External Entities (XXE)” vulnerability.

- Tools for finding “XML External Entities (XXE)”.

- Demo and Practice: finding “XML External Entities (XXE)”.

- Protection Recommendations.

 

6) A5:Broken Access Control:

- What “Broken Access Control” is.

- Examples of attacks.

- Causes of “Broken Access Control” vulnerability.

- Tools for finding “Broken Access Control”.

- Demo and Practice: finding “Broken Access Control”.

- Protection Recommendations.

 

 

7) A6:Security Misconfiguration:

- Reminder of the things learned the previous day.

- What a “Security Misconfiguration” attack is.

- Examples of attacks.

- Causes of “Security Misconfiguration” vulnerability.

- Protection Recommendations.

 

8) A7: Cross-Site Scripting (XSS):

- What a “Cross-Site Scripting (XSS)” attack is.

- Examples of attacks.

- Causes of “Cross-Site Scripting (XSS)” vulnerability.

- Tools for finding “Cross-Site Scripting (XSS)”.

- Demo and Practice: finding “Cross-Site Scripting (XSS)”.

- Protection Recommendations.

 

9) A8:Insecure Deserialization:

- What “Insecure Deserialization” is.

- Examples of attacks.

- Causes of “Insecure Deserialization” vulnerability.

- Tools for finding “Insecure Deserialization”.

- Demo and Practice: finding “Insecure Deserialization”.

- Protection Recommendations.

 

10) A9:Using Components with Known Vulnerabilities:

- What it is.

- Examples of attacks.

- Causes of vulnerability.

- Tools for finding the vulnerability.

- Demo and Practice: finding the vulnerability.

- Protection Recommendations.

 

11) A10:Insufficient Logging & Monitoring:

- What an “Insufficient Logging & Monitoring” attack is.

- Examples of attacks.

- Causes of “Insufficient Logging & Monitoring” vulnerability.

- Protection Recommendations.

 

12) CSRF

- What CSRF is.

- Examples of attacks.

 

13) Closing-Up:

- Conclusions.

- Literature.

- Recommendations on further steps. 


 

- OWASP TOP 10 WEB video course

Course length: 7 hours

Access via a link tied to your Google mail account

To get the course, send a direct message to svyat.login@gmail.com

 


 

- December 2: OWASP TOP 10 WEB. Kyiv.

An extended course of 6 sessions, 3 hours each,

Sessions on Mondays and Wednesdays,

small group, up to 9 people,

On this course you will get a great deal of individual attention from the trainer

https://start-it.ua/security-testing