NotSoSecure - Attacking Injection Flaws Masterclass
Rp900.000
- Condition: New
- Min. Order: 1 Unit
- Storefront: NotSoSecure
Injection flaws have dominated web application vulnerability lists since time immemorial. And despite OWASP reducing their ranking from 1 to 3, they are still one of the most devastating web application vulnerabilities. Efforts have been made for years to secure applications against related attacks, from new frameworks to new defensive techniques. A lot has been done, but is it enough? This course enables you to walk through dozens of hacklabs and learn how – despite defensive efforts – injection flaws persist, with drastic effects on application security.
Get into the attacker mindset for 2 days and deploy over 30 fresh and novel injection attacks via our state-of-the-art hacklabs. This practical course is packed with information and delivered by professional penetration testers, well-versed in web hacking from their years of experience in the wild. By the time you leave, you’ll understand how to deploy attacks using complex injection flaws.
NotSoSecure - Attacking Injection Flaws Masterclass
Size: 10.8 GB
Contains: 24 Files, 5 Folders
Course details:
Learning – 30% theory, 70% practical
Real-world-led theory sessions + technical challenges followed by trainer-led walkthrough
Includes a personal progress tracker to support learning at your own pace
Access to a custom Kali Linux image, fully loaded with plugins, tools, and other features to help you identify and exploit vulnerabilities
Designed for practical application and to support studies for accreditations
Course Content.
1. Introduction to Burp Features
2. Structured Query Language (SQL) injection masterclass
- Second-order injection
- Out-of-band (OOB) exploitation
- SQLi through crypto
- OS code execution via PowerShell
- Advanced topics in SQLi
- Advanced SQLMap usage and web application firewall (WAF) bypass
- Pentesting GraphQL
- Introspection-based attacks on GraphQL
- SQL injection via file metadata
3. Extensible Markup Language (XML) external entity (XXE) attack
- XXE Basics
- Advanced XXE exploitation over OOB channels
- XXE through Security Assertion Markup Language (SAML)
- XXE in file parsing/uploads
- XXE via XInclude
4. Remote Code Execution (RCE)
- Java serialisation attack
- Binary
- XML
- JSON
- SerialVersionUID mismatch
- .Net serialisation attack
- PHP serialisation attack
- Python serialisation attack
5. Server-side template injection
- Ruby injection
- Analysing CVE-2021-25770
- Exploiting code injection over OOB channels
- Exploiting misconfigured code control systems
- Server-Side Request Forgery (SSRF)
- SSRF to query internal network
- SSRF to exploit templates and extensions
- SSRF filter bypass techniques
- SSRF exploitation in AWS
- Examples from the wild (Case Studies)
6. Miscellaneous injections
- Host header validation bypass
- HTTP parameter pollution (HPP)
- Advanced SAML injection
- Attacking Log4j to achieve RCE (Log4Shell CVE-2021-44228)
- Examples from the wild (Case Studies)
FOR EDUCATIONAL PURPOSES ONLY!