Information Security Course
August 13, 2020 / 2020-12-24 11:57
CHAPTER 1
- SQL injection
- SQL statements
- SQL Queries inside the web application
- Error based SQLi
- Vulnerable dynamic queries
- Classic SQLi
- Blind or interface SQL injection
- DBMS specific SQLi
- Incorrect type handling
- Dumping the database data
- Enumerating database tables
- Exploiting SQL injection
- DEMO in DVWA
- Fingerprinting frameworks and applications
- Third-party add-ons
- Mapping results
- Fingerprinting custom applications
- Burp target crawler
- Mapping the attack surface
- Client-side validation
- Display of user-supplied data
- Redirection
- Access control and login protected pages
- Error messages
- Enumerating resources
- Crawling the website
- Finding hidden files
- Backup and source code
- Relevant information through misconfiguration
- Directory listing
- Log and configuration files
- HTTP verbs and file upload
CHAPTER 2
- Bypassing Authorization
- Insecure direct object references
- Best defensive techniques
- Missing function level access control
- Parameter modification
- Vulnerable web application
- Incorrect redirection
- Redirect to protect contents
- Best defensive techniques
- Session-id prediction
- Local file inclusion and path traversal
- Authentication and Authorization
- Introduction
- Authentication vs. Authorization
- Authentication factors
- Single-factor authentication
- Two-factor authentication
- Cross-site scripting
- Basics
- Anatomy of an XSS Exploitation
- The three types of XSS
- Reflected XSS
- Persistent XSS
CHAPTER 3
- Finding XSS
- Finding XSS in PHP code
- XSS Exploitation
- XSS and browsers
- XSS Attacks
- Cookie stealing through XSS
- Defacement
- XSS for advanced phishing attacks
- Mitigation
- Input validation
- Context-Aware output encoding
- Never trust user input
- Common Vulnerabilities
- Credentials over an unencrypted channel
- Inadequate password policy
- Dictionary attacks
- Brute force attacks
- Defending from inadequate password
- Strong password policy
- Storing hashes
- Lockout/Blocking requests
- User enumeration
- Via error messages
- Via website behavior
- Via timing attacks
- Taking advantage of user enumeration
- Default or easily guessable user accounts
- The remember me functionality
- Cache browser method
- Cookie method
- Web storage method
- Best defensive techniques
- Password reset feature
- Easily guessable answers
- Unlimited attempts
- Password reset link
- Logout weakness
- Incorrect session destruction
- CAPTCHA
- Session Security
- The weakness of the session identifier
CHAPTER 4
- Session hijacking
- Session hijacking via XSS
- Exploit session hijacking via XSS
- Preventing session hijacking via XSS
- PHP
- Java
- .Net
- Session hijacking via packet sniffing
- Session hijacking via access to the web
- Session fixation
- Attacks
- Set the session-id
- Force the victim
- Vulnerable web application
- Preventing session fixation
- Cross-site request forgeries
- Finding CSRF
- Finding the tokens available in web application
- Creating a demo page
- Finding CSRF in real life
- Exploiting CSRF
- Preventing CSRF
- Clickjacking
- Understanding clickjacking
- Feasibility study
- Case 1: clickjacking is possible
- Case 2: clickjacking is not possible
- Building of a malicious web page
- Spreading the malicious link
- Waiting for the victim click
- Best defensive technique
- The old school
- Using HTTP header X-Frame-Options
- Like-jacking in Facebook
- Cursor jacking
CHAPTER 5
- HTTP Response splitting
- Typical vulnerable scenario
- XSS through HTTP response splitting
- Bypassing the Same Origin Policy
- Attack explained
- Best defensive techniques
- Defense in PHP
- Denial of Service
- Different DoS attacks
- DoS due to the huge number of requests
- DoS due to greedy pages
- Best defensive techniques
- File and Resource Attacks
- Path traversal
- Path convention Encoding
- Best defensive techniques
- File Inclusion vulnerabilities
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- Unrestricted file upload
- Vulnerable web application
- The attack
- Best defensive techniques
- Filtering based on file content