HUNTER


Ethical Hacking: Hacking Web Applications
Year of release: 2015
Publisher: Pluralsight
Publisher's website: pluralsight.com
Author: Troy Hunt
Duration: 4:49
Type of material distributed: Video clips
Language: English
Description: The security profile of web applications is enormously important when it comes to protecting sensitive customer data, financial records, and reputation. Yet, web applications are frequently the target of malicious actors who seek to destroy these things by exploiting vulnerabilities in the software. Most attacks against web applications exploit well known vulnerabilities for which tried and tested defenses are already well-established. Learning these patterns – both those of the attacker and the defender – is essential for building the capabilities required to properly secure applications on the web today. In this course, we'll look at a range of different security paradigms within web applications both conceptually and in practice. They'll be broken down into detail, exploited, and then discussed in the context of how the attacks could have been prevented. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

Contents

Understanding Security in Web Applications
  Overview
  The State of Web Application Security
  Understanding Web Application Security
  Query Strings, Routing, and HTTP Verbs
  The Discoverability of Client Security Constructs
  Protections Offered by Browsers
  What the Browser Can't Defend Against
  What's Not Covered in This Course
  Summary
Reconnaissance and Footprinting
  Overview
  Spidering with NetSparker
  Forced Browsing with Burp Suite
  Directory Traversal
  Banner Grabbing with Wget
  Server Fingerprinting with Nmap
  Discovery of Development Artefacts with Acunetix
  Discovery of Services via Generated Documentation
  Discovering Framework Risks
  Identifying Vulnerable Targets with Shodan
  Summary
Tampering of Untrusted Data
  Overview
  OWASP and the Top 10 Web Application Security Risks
  Understanding Untrusted Data
  Parameter Tampering
  Hidden Field Tampering
  Mass Assignment Attacks
  Cookie Poisoning
  Insecure Direct Object References
  Defending Against Tampering
  Summary
Attacks Involving the Client
  Overview
  Reflected Cross Site Scripting (XSS)
  Persistent Cross Site Scripting (XSS)
  Defending Against XSS Attacks
  Identifying XSS Risks and Evading Filters
  Client Only Validation
  Insufficient Transport Layer Security
  Cross Site Request Forgery (CSRF)
  Summary
Attacks Against Identity Management and Access Controls
  Overview
  Understanding Weaknesses in Identity Management
  Identity Enumeration
  Weaknesses in the 'Remember Me' Feature
  Resources Missing Access Controls
  Insufficient Access Controls
  Privilege Elevation
  Summary
Denial of Service Attacks
  Overview
  Understanding DoS
  Exploiting Password Resets
  Exploiting Account Lockouts
  Distributed Denial of Service (DDoS)
  Automating DDoS Attacks with LOIC
  DDoS as a Service
  Features at Risk of a DDoS Attack
  Other DDoS Attacks and Mitigations
  Summary
Other Attacks on the Server
  Overview
  Improper Error Handling
  Understanding Salted Hashes
  Insecure Cryptographic Storage
  Unvalidated Redirects and Forwards
  Exposed Exceptions Logs with ELMAH
  Vulnerabilities in Web Services
  Summary
Example files: included
Video format: MP4
Video: AVC, 1024x768, 4:3, 15fps, 229kbps
Audio: AAC, 44.1kHz, 80kbps, stereo
