This course will introduce you to the secrets of webhacking and web application vulnerabilities, which make it possible to attack application servers and to steal data stored on them. The course will allow you to fully understand the methods [...]
This course will introduce you to the secrets of webhacking and web application vulnerabilities, which make it possible to attack application servers and to steal data stored on them. The course will allow you to fully understand the methods that are commonly used by attackers and try those methods in practice. Web application vulnerabilities, which we will discuss on the course, fall into the most common types of web vulnerabilities and web application developers and administrators should be thoroughly familiar with them. Misusage of this type vulnerability often leads to the complete takeover of control of the target system. Learn about these vulnerabilities and test the security of your web applications before an unwelcome intruder does it for you. We will teach you everything you need for this in our practical course.
Who is the course designed for? The course is designed
for developers and web application administrators who want to understand the
attackers´ procedures during the web applications attacks. We will try out the
procedures of attackers, in which the server and databases are compromised, on
many practical examples.
The procedures discussed in this course target primarily
on Apache, PHP, and MySQL technologies. However, even if presented principles
can often be applied to other technologies, we particularly recommend attending
the course to anyone who wants to get familiar with the common practices of
attackers of web applications and servers. We also recommend it to anyone who
wants to acquire the right security habits in the development and administration
of web applications and servers.
What will you learn by taking this course? Our unique
course "Webhacking in practice 2 - Attacks against servers" will allow you to
understand and, most importantly, try out the methods commonly used by attackers
on practical examples. During the course, we will explain everything you need to
know to defend against these security threats.
Required skills Anyone with basic knowledge of HTTP,
HTML and SQL can join the course.
Teaching methods Expert interpretation with practical
examples, practise on PC.
Teaching materials Powerpoint handouts and module
printouts.
»»
Course outline
Environmental research
Identification of technologies used
Web Crawling / Spidering
Search for non-public sources
Repositories
Open Directory listing
IIS Tilde File Enumerate
Apache Multiviews File Enumerate
HTTP methods
Exploitation of used technologies
Guessing
Search for exploits
Use of exploits
Post-exploitation
Shelly
Vulnerabilities and SSL attacks
Vulnerabilities of individual encryption
algorithms
Heartbleed
Poodle
BEAST
CRIME
BREACH
and others..
Attacks on the database
Missing / Insufficient authorization
Direct access to objects
Data leakage during redirect
Forced Browsing
Attacks on the database
Union-Based SQL injection
Boolean-Based SQL injection
Error-Based SQL injection
Time-Based SQL injection
Stacked SQL injection
Stored / Second-order SQL injection
DNS exfiltration
Multibyte SQL injection
SQL injection via binary hash
Local File Disclosure via SQL injection
Command execute via SQL injection
SQL Truncation
Hash cracking
Hashing algorithms
Salting hashes
Hash cracking
Brute Force / Dictionary attack / Rainbow tables
Vulnerabilities of XML parsers
Denial of Services via XML
Local File Disclosure via XML
Command Execution via XML
XML injection
LDAP injection
XPATH injection
Code Execution
Unsecured upload
Unsecured download
Local File Disclosure
Remote File Inclusion (RFI)
Local File Inclusion (LFI)
LFI via file upload
LFI via session storage
LFI via environment
LFI via log
LFI via phpinfo
Function Injection
PHP Object Injection
Code Execution
Command Execution
WebDav and misusage of HTTP methods
PHP-CGI vulnerability
SSI Injection
We will go through other attacks as well...
Misuse of the webserver as a proxy
HTTP request smuggling
Privilege escalation / authorization bypass through
cookies
Produkt do wishlistu může přidat pouze přihlášený uživatel. Pokud chcete přidat produkt do svého wishlistu, přihlašte se prosím.
Cookie Settings
Here you can choose your preferred cookie settings by category.
Technically Necessary Cookies
These are indispensable in order for a web and all of its functions to perform correctly. Their tasks include among other things: storage of items in a shopping cart, filter application, [...]
These are indispensable in order for a web and all of its functions to perform correctly. Their tasks include among other things: storage of items in a shopping cart, filter application, shopping process, saving settings and making sure the website displays correctly in your browser. Without these cookies you would not be able to view our page, therefore they cannot be deactivated.
Show moreShow less
Analytical cookies
Analytical cookies allow us to measure the performance of our website and campaigns. We use them to determine the number of visits to our website and where they originate. Data acquired through [...]
Analytical cookies allow us to measure the performance of our website and campaigns. We use them to determine the number of visits to our website and where they originate. Data acquired through these cookies is stored cumulatively without identifiers which would denote individual users.
Show moreShow less
Personalised Cookie Files
Personalised cookies allow us to process data regarding your behaviour on our website. We use them in order to customise the content of our page, as well as our offers, directly to you and your [...]
Personalised cookies allow us to process data regarding your behaviour on our website. We use them in order to customise the content of our page, as well as our offers, directly to you and your needs and interests. Thanks to them, we can avoid offering unnecessary information such as irrelevant product suggestions or unhelpful special deals.
Show moreShow less
Marketing Cookies
Marketing cookies help us offer you only such content and advertisements, which can actually be useful to you. This goes for our website as well as any other websites you like to visit. Based [...]
Marketing cookies help us offer you only such content and advertisements, which can actually be useful to you. This goes for our website as well as any other websites you like to visit. Based on this information, we can usually not identify you as an individual, all the data is related only to the specific device.
GOPAS IT School needs your consent with the use of cookies. Cookie use allows you to make the most of your visit to our website and helps us continually improve it. Cookies enable us to offer users targeted content, which is why we work with select partners (e.g. Google). More information and setting options can be found under “Settings” and in Cookie Management.
