WEB APPLICATION PENETRATION TESTING EXTREME VERSION 1


The most advanced course on web application penetration testing. elearnsecurity has been chosen by students in over 140 countries in the world and by leading organizations such as:

INTRODUCTION

COURSE DESCRIPTION
Web Application Penetration Testing extreme is a practical online course on the most advanced web application penetration testing techniques. This training course is tied to Hera Lab, where students will access a number of laboratories for each learning module.

PRE-REQUISITES
This is an advanced course that requires the following pre-requisites:
  Deep understanding of HTML, HTTP, server-side languages, XML and JavaScript
  Good understanding and practical proficiency of XSS, XSRF, SQLi and basic HTML5 attacks
  Ability to read and understand PHP code will help, although it is not mandatory
  Basic development skills
The elearnsecurity WAPT course provides most of the above pre-requisites.

WHO SHOULD TAKE THIS COURSE?
The WAPTX course is primarily geared towards:
  Penetration Testers
  Web Developers
  IT Security professionals with a technical background

HOW AM I GOING TO LEARN THIS?
elearnsecurity courses are very interactive, addictive, and present content in such a way that it appeals to all learning styles. During this training course, you will work through several guided labs that provide relevant, hands-on practical experience. Every module comes with videos and practical lessons, so do not expect the outdated way of learning by just reading pages of theoretical methodologies.

WILL I GET A CERTIFICATE?
Once you satisfy the requirements of the final practical certification test, you will be awarded an elearnsecurity Web Penetration Tester extreme certificate and will hold the eWPTX certification.

ORGANIZATION OF CONTENTS
The WAPTX is a follow-up to the WAPT course, but at an extreme level. This course brings students into a new world of advanced exploitation techniques using real-world scenarios, all served with challenging and extremely hands-on laboratories in which to put the covered techniques into practice.
  Module 1: Encoding and Filtering
  Module 2: Evasion Basics
  Module 3: Cross-Site Scripting
  Module 4: XSS Filter Evasion and WAF Bypassing
  Module 5: Cross-Site Request Forgery
  Module 6: HTML5
  Module 7: SQL Injections
  Module 8: SQLi Filter Evasion and WAF Bypassing
  Module 9: XML Attacks

MODULE 1: ENCODING AND FILTERING
This module is not just another module on encoding. It provides some esoteric encoding skills that will be helpful during the rest of the course. Understanding what kind of data encoding is used and how it works is fundamental and ensures that tests are performed as intended, which is why this module starts with the basic concept of data encoding. The following section is about filtering basics, starting with a brief introduction to working with regular expressions and moving on to how to detect, fingerprint and evade web application firewalls. We conclude by analyzing the most common client-side defensive mechanisms.

1. Introduction
1.1. Data encoding basics
1.1.1. Dissecting encoding types
1.1.1.1. URL Encoding
1.1.1.2. HTML Encoding
  Document character encoding
  Character references
1.1.1.3. Base (36, 64) encoding
  Base 36
  Base 64
1.1.1.4. Unicode encoding
1.1.2. Multiple (De/En)codings
1.2. Filtering basics
1.2.1. Regular Expressions
1.2.1.1. Metacharacters
1.2.1.2. Shorthand character classes
1.2.1.3. Non-printing characters
1.2.1.4. Unicode
1.2.2. Web Application Firewall
1.2.2.1. WAF Detection and Fingerprinting
1.2.3. Client-side Filters

MODULE 2: EVASION BASICS
This module provides advanced coverage of the most common modern filter evasion techniques using different client-side and server-side languages. To ensure that you have a complete understanding of filters and encoding, this module introduces the main evasion techniques, starting from Base64 and lesser-known URI obfuscation techniques and concluding with JavaScript and PHP obfuscation techniques.

2. Introduction
2.1. Base64 Encoding evasion
2.2. URI Obfuscation techniques
2.2.1. URL shortening
2.2.2. URL Hostname obfuscation
2.3. JavaScript Obfuscation Techniques
2.3.1. JavaScript Encoding
2.3.1.1. Non-alphanumeric
2.3.2. JavaScript Compressing
2.3.2.1. Minifying
2.3.2.2. Packing
2.4. PHP Obfuscation Techniques
2.4.1. Basic Language Reference
2.4.1.1. Type Juggling
2.4.1.2. Numerical Data types
2.4.1.3. String Data types
2.4.1.4. Array Data types
2.4.1.5. Variable Variables
2.4.2. Non-alphanumeric Code
2.4.2.1. String generation
2.4.2.2. Hackvector.co.uk

MODULE 3: CROSS-SITE SCRIPTING
This module is entirely dedicated to cross-site scripting attacks. It starts with a brief recap of the different types of XSS and then introduces advanced attacking techniques and exotic XSS vectors. This module covers how to use the most advanced tools available and how to exploit any kind of XSS. Hera Labs are included in this module.

3. Introduction
3.1. Cross-Site Scripting
3.1.1. Reflected XSS
3.1.2. Persistent XSS
3.1.3. DOM XSS
3.1.4. Universal XSS
3.2. XSS Attacks
3.2.1. Cookie Grabbing
3.2.1.1. Script Injection
3.2.1.2. Cookie Recording & Logging
3.2.1.3. Bypassing HTTPOnly flag
  Cross-site Tracing (XST)
  CVE-2012-0053
  BeEF's Tunneling Proxy
3.2.2. Defacements
3.2.2.1. Virtual Defacement
3.2.2.2. Persistent Defacement
3.2.3. Phishing
3.2.4. Keylogging
3.2.4.1. Keylogging with Metasploit
3.2.4.2. Keylogging with BeEF
3.2.5. Network Attacks
3.2.5.1. IP detection
3.2.5.2. Subnet detection
3.2.5.3. Ping Sweeping
3.2.5.4. Port Scanning
  Simple Port Scanner
  HTML5 alternatives
3.2.6. Self-XSS
3.2.6.1. Browser security measures
  Chromium-based browsers
  Mozilla Firefox-based browsers
  Internet Explorer
  Safari
3.2.6.2. JavaScript console limitations
3.3. Exotic XSS Vectors
3.3.1. Mutation-based XSS
3.3.1.1. mXSS Examples
3.3.1.2. mXSS Multiple

MODULE 4: XSS FILTER EVASION AND WAF BYPASSING
In this module, the student will learn about advanced filter evasion and WAF bypassing techniques. Starting from simple blacklisting filters, the student will go through different mechanisms to bypass common input sanitization techniques, browser filters and much more. The student will not only find a number of well-known vectors but will also understand how to find new ones. At the end of this module, the student will be able to recognize the presence of WAFs and filters and implement effective bypassing techniques. Hera Labs are included in this module.

4. Introduction
4.1. Bypassing Blacklisting Filters
4.1.1. Injecting Script Code
4.1.1.1. Bypassing weak <script> tag banning
4.1.1.2. ModSecurity > Script tag based XSS
4.1.1.3. Beyond the <script> tag
  Using HTML attributes
4.1.2. Keyword based filter
4.1.2.1. Character escaping
  Unicode
  Decimal, Octal, Hexadecimal
4.1.2.2. Constructing Strings
4.1.2.3. Execution Sinks
4.1.2.4. Pseudo-protocols
  Data
  Vbscript
4.2. Bypassing Sanitization
4.2.1. String Manipulations
4.2.1.1. Removing HTML Tags
4.2.1.2. Escaping Quotes
4.2.1.3. Escaping Parentheses
4.3. Bypassing Browser Filters
4.3.1. (Un)Filtered Scenarios
4.3.1.1. Injecting inside HTML attributes
4.3.1.2. Injecting inside SCRIPT tag
4.3.1.3. Injecting inside event attributes
4.3.1.4. DOM Based
4.3.1.5. Other scenarios

MODULE 5: CROSS-SITE REQUEST FORGERY
This module is entirely dedicated to cross-site request forgery attacks. It begins with a brief recap of the basics of this vulnerability and then introduces the main attacking techniques and vectors. During this module, we will start with how to exploit weak anti-CSRF mechanisms and conclude with advanced exploitation techniques. Hera Labs are included in this module.

5. Introduction
5.1. XSRF: Recap & More
5.1.1. Vulnerable scenario
5.2. Attack Vectors
5.2.1. Force Browsing with GET
5.2.1.1. Example: Change email address
5.2.2. POST Requests
5.2.2.1. Auto-submitting form > v1
5.2.2.2. Auto-submitting form > v2
5.3. Exploiting Weak Anti-CSRF Measures
5.3.1. Using POST-only requests
5.3.2. Multi-Step Transactions
5.3.3. Checking Referer Header
5.3.4. Predictable Anti-CSRF token
5.3.5. Unverified Anti-CSRF token
5.3.6. Secret Cookies
5.4. Advanced CSRF Exploitation
5.4.1. Bypassing CSRF defenses with XSS
5.4.1.1. Bypassing Anti-CSRF Token
  Request a valid form with a valid token
  Extract the valid token from the source code
  Forge the form with the stolen token
5.4.2. Bypassing Anti-CSRF Token Brute

MODULE 6: HTML5
This module is entirely dedicated to HTML5 and its new attack vectors. It starts with a recap of the language, analyzing the main features on which to focus our security research. After that, we will go deep into the main exploitation techniques and attack scenarios. Once the security concerns related to HTML5 features have been analyzed, the student will learn about the most common security mechanisms developers use. These are critical in understanding how to leverage even more sophisticated attacks. The module concludes with an analysis of UI redressing attacks and an overview of related new attack vectors introduced with HTML5.

6. Introduction
6.1. HTML5: Recap & More
6.1.1. Semantics
6.1.1.1. New attack vectors
  Form Elements
  Media Elements
  Semantic/Structural Elements
  Attributes
6.1.2. Offline & Storage
6.1.2.1. Web Storage > Attack Scenario
  Session Hijacking
6.1.2.2. Offline Web Application > Attack Scenario
6.1.3. Device Access
6.1.3.1. Geolocation > Attack Scenario
6.1.3.2. Fullscreen mode > Attack Scenario
  Phishing
6.1.4. Performance, Integration & Connectivity
6.1.4.1. Attack Scenarios
6.2. Exploiting HTML5
6.2.1. CORS Attack Scenario
6.2.1.1. Universal Allow
  Allow by wildcard value *
  Allow by server-side
6.2.1.2. Weak Access Control Check
  Origin Example
6.2.1.3. Intranet Scanning
  JS-Recon
6.2.1.4. Remote Web Shell
  The Shell of the Future
6.2.2. Storage Attack Scenarios
6.2.2.1. Web Storage
  Session Hijacking
  Cross-directory attacks
  User Tracking and Confidential Data disclosure
6.2.2.2. IndexedDB
  IndexedDB vs WebSQL Database
6.2.3. Web Messaging Attack Scenarios
6.2.3.1. Web Messaging
  DOM XSS
  Origin Issue
6.2.4. Web Sockets Attack Scenarios
6.2.4.1. Web Sockets
  Data Validation
  MiTM
  Remote Shell
  Network Reconnaissance
6.2.5. Web Workers Attack Scenarios
6.2.5.1. WebWorkers
  Browser-Based Botnet
  Distributed Password Cracking
  DDoS Attacks
6.3. HTML5 Security Measures
6.3.1. Security Headers
6.3.1.1. X-XSS-Protection
6.3.1.2. X-Frame-Options
6.3.1.3. Strict-Transport-Security
6.3.1.4. X-Content-Type-Options
6.3.1.5. Content Security Policy
6.4. UI Redressing: The x-jacking Art
  ClickJacking
  LikeJacking
  StrokeJacking
6.4.1. New Attack Vectors in HTML5
6.4.1.1. Drag-and-Drop
  Text Field Injection
  Content Extraction

MODULE 7: SQL INJECTIONS
This module is entirely dedicated to SQL injection attacks. It starts with a brief recap of the main classification of exploitation techniques and then introduces advanced attack techniques on different DBMSs.

7. Introduction
7.1. SQL Injection: Recap & More
7.2. Exploiting SQLi
7.2.1. Techniques Classification
7.2.2. Gathering Information from the Environment
7.2.2.1. Identify the DBMS
  Error Codes Analysis > MySQL
  Error Codes Analysis > MSSQL
  Error Codes Analysis > Oracle
  Banner Grabbing
  Educated Guessing
  String Concatenation
  Numeric Functions
  SQL Dialect
7.2.2.2. Enumerating the DBMS Content
  MySQL
  MSSQL
  Oracle
  Tables & Columns
  Users and Privileges
7.3. Advanced SQLi Exploitation
7.3.1. Out-of-Band Exploitation
7.3.1.1. Alternative OOB Channels
7.3.1.2. OOB via HTTP
  Oracle URL_HTTP Package
  Oracle HTTPURITYPE Package
7.3.1.3. OOB via DNS
  DNS Exfiltration Flow
  Provoking DNS requests
  MySQL
  MSSQL
  Oracle
7.3.2. Exploiting Second-Order SQL Injection
7.3.2.1. First-order example
7.3.2.2. Security Considerations
7.3.2.3. Automation Considerations

MODULE 8: SQLi FILTER EVASION AND WAF BYPASSING
In this advanced module, the student will learn about advanced filter evasion and WAF bypassing techniques. These foundation skills will be necessary to understand and master further techniques. At the end of this module, the student will be able to recognize the presence of WAFs and filters and implement effective bypassing techniques. Hera Labs are included in this module.

8. Introduction
8.1. DBMS gadgets
8.1.1. Functions
8.1.2. Constants and variables
8.1.3. System variables
8.1.4. Typecasting
8.2. Bypassing Keyword filters
8.2.1. Using comments
8.2.2. Case changing
8.2.3. Replaced keywords
8.2.4. Circumventing by Encoding
8.2.5. URL encode
8.2.6. Double URL encode
8.2.7. Characters encoding
8.2.8. Inline comments
8.2.9. Allowed Whitespaces
8.3. Bypassing Function filters
8.4. Bypassing Regular Expression filters

MODULE 9: XML ATTACKS
This module is entirely dedicated to XML attacks. It starts with a recap of the language and then dives into the most modern attacks, such as XML Tag Injection, XXE, XEE and XPath Injection. Basic and advanced exploitation techniques are analyzed for each attack. At the end of this module, the student will be able to pentest complex applications using XML. Hera Labs are included in this module.

9. Introduction
9.1. XML Attacks: Recap & More
9.1.1. Entities block
9.1.1.1. XML Document with External DTD + Entities
9.2. XML Tag Injection
9.2.1. Testing XML Injection
9.2.1.1. Single/Double Quotes
9.2.1.2. Ampersand
9.2.1.3. Angle brackets
9.2.1.4. XSS with CDATA
9.3. XML External Entity
9.3.1. Taxonomy
9.3.1.1. External Entities: Private vs. Public
9.3.2. Resource Inclusion
9.3.3. Resource Inclusion Improved
9.3.3.1. Invalid resource to extract
9.3.3.2. CDATA Escape using Parameter Entities
9.3.3.3. php:// I/O Stream
9.3.4. Bypassing Access Control
9.3.5. Out-Of-Band Data Retrieval
9.3.5.1. OOB via HTTP
9.3.5.2. OOB via HTTP using XXEServe
9.4. XML Entity Expansion
9.4.1. Recursive Entity Expansion
9.4.1.1. Billion Laughs Attack
9.4.2. Generic Entity Expansion
9.4.2.1. Quadratic Blowup Attack
9.4.3. Remote Entity Expansion
9.5. XPath Injection
9.5.1. XPath 1.0 vs 2.0
9.5.1.1. New Operations and Expressions on Sequences
  Functions on Strings
  Function accessors
  FOR Operator
  Conditional Expression
  Regular Expression
  Assemble/Disassemble String
9.5.1.2. Data Types
9.5.2. Advanced XPath Exploitation

We are elearnsecurity. Based in Santa Clara, California, with offices in Pisa, Italy, and Dubai, UAE, Caendra Inc. is a trusted source of IT security skills for IT professionals and corporations of all sizes. Caendra Inc. is the Silicon Valley-based company behind the elearnsecurity brand. elearnsecurity has proven to be a leading innovator in the field of practical security training, with best-of-breed virtualization technology and in-house projects such as the Coliseum Web Application Security Framework and the Hera Network Security Lab, which have changed the way students learn and practice new skills.

Contact details:
www.elearnsecurity.com
contactus@elearnsecurity.com