کاربر گرامی، برای دانلود فایل ها از طریق این لینک در وبسایت ثبت نام بفرمایید.
  • Home You searched for xxe

xxe

دوره Attacking Injection Flaws Masterclass – Edition 2022

Injection flaws have dominated web application vulnerability lists since time immemorial. And despite OWASP reducing their ranking from 1 to 3, they are still one of the most devastating web application vulnerabilities. Efforts have been made for years to secure applications against related attacks, from new frameworks to new defensive techniques. A lot has been done, but is it enough? This course enables you to walk through dozens of hacklabs and learn how – despite defensive efforts – injection flaws persist, with drastic effects on application security. Get into the attacker mindset for 2 days and deploy over 30 fresh and novel injection attacks via our state-of-the-art hacklabs. This practical course is packed with information and delivered by professional penetration testers, well-versed in web hacking from their years of experience in the wild. By the time you leave, you’ll understand how to deploy attacks using complex injection flaws. This course will be delivered virtually.

ادامه مطلب

دوره WEB-200: Foundational Web Application Assessments with Kali Linux

Learn the foundations of web application assessments with Foundational Web Application Assessments with Kali Linux (WEB-200). Learners who complete the course and pass the exam will earn the OffSec Web Assessor (OSWA) certification and will demonstrate their ability to leverage web exploitation techniques on modern applications. This course teaches learners how to discover and exploit common web vulnerabilities and how to exfiltrate sensitive data from target web applications. Learners that complete the course will obtain a wide variety of skill sets and competencies for web app assessments.

Syllabus

  • Tools for the Web Assessor
  • Cross-Site Scripting (XSS) Introduction, Discovery, Exploitation and Case Study
  • Cross-Site Request Forgery (CSRF)
  • Exploiting CORS Misconfigurations
  • Database Enumeration
  • SQL Injection (SQLi)
  • Directory Traversal
  • XML External Entity (XXE) Processing
  • Server-Side Template Injection (SSTI)
  • Server-Side Request Forgery (SSRF)
  • Command Injection
  • Insecure Direct Object Referencing
  • Assembling the Pieces: Web Application Assessment Breakdown

WEB-200: Foundational Web Application Assessments with Kali Linux

ادامه مطلب

دوره SEC542: Web App Penetration Testing and Ethical Hacking

SEC542 empowers students to quickly evaluate and expose security vulnerabilities in web applications, showcasing the potential business repercussions of exploitation. Gain practical experience in exploiting web apps within your enterprise, mastering attackers’ tools and methods. Through hands-on exercises you will learn a best practice process for web application penetration testing, inject SQL into back-end databases to learn how attackers exfiltrate sensitive data, and utilize cross-site scripting attacks to dominate a target infrastructure. 30+ Hands-on Labs

Syllabus

SEC542.1: Introduction and Information Gathering
SEC542.2: Fuzzing, Scanning, Authentication, and Session Testing
SEC542.3: Injection
SEC542.4: XSS, SSRF, and XXE
SEC542.5: CSRF, Logic Flaws and Advanced Tools
SEC542.6: Capture the Flag

SEC542: Web App Penetration Testing and Ethical Hacking

ادامه مطلب

جستجو در سایت