Hacking and Security Vulnerability Management

Overview:

      This training covers a broad range of security domains, including web application security, network security and mobile security. It begins with the basic concepts of each security domain and then moves on to the threat landscape and security assessment. You will be able to assess the security posture of your digital assets and learn what to implement, and how, to build defense in depth from the findings. This program is suitable for industry newcomers and for any IT professional who would like to sharpen their knowledge and strengthen their skills in these security domains.

Duration: 4 days
Objectives:

-       Understand and demonstrate key concepts of information security

-       Discover the security risks in different security domains

-       Learn to perform vulnerability assessment and identify vulnerabilities of your digital assets

-       Identify best practices that can be used to protect and enhance the security of your network, web and mobile application

-       Understand the types of security countermeasures available and how they should be applied

Intended Audience:

-       Penetration testers

-       Systems engineers

-       Information security personnel

-       Network administrators

-       Web application developers

-       Mobile application developers and anyone who is responsible for information security and data protection

Course outline:

A. Web Security

1. Web Application Architecture

  • Introduction
  • Understanding the Web Architecture
  • Getting familiar with web programming languages
  • Information Gathering Techniques

2. HTTP Basics

  • HTTP Request types
  • HTTP Status Codes
  • HTTP Statelessness
  • Netcat
  • Curl

3. Injection

  • Basic Authentication Bypass
  • Union Based SQL Injection
  • Blind SQL Injection
  • SQLMAP for the win
  • SQL Injection Defenses

4. Cross Site Scripting

  • Introduction
  • Reflected XSS
  • Stored XSS
  • DOM based XSS
  • Stealing Session Cookies
  • Running Keyloggers
  • XSS Defenses

5. Cross Site Request Forgery

  • Introduction
  • CSRF in GET requests
  • CSRF in POST requests
  • Identifying and exploiting CSRF
  • OWASP CSRF Tester
  • Defenses

6. Mastering Burp Suite

  • Introduction
  • Configuring Burp Suite
  • Proxy
  • Intruder
  • Scanner
  • Repeater
  • Sequencer
  • Decoder
  • Comparer

7. File Inclusion Attacks

  • Introduction
  • Local File Inclusion
  • Remote File Inclusion
  • Recommendations

B. Network Security

8. Overview of Network Security

  • Introduction
  • Network protocols
  • Network Security threats

9. Target Enumeration and Port Scanning

  • Host Discovery
  • Scanning for open ports
  • Identifying running Services
  • OS Detection
  • Various port-scanning techniques

10. Vulnerability Assessment

  • Introduction
  • Vulnerability Assessment with Nmap
  • Vulnerability Assessment with Nessus

11. Penetration testing with Metasploit

  • Introduction
  • Searching for exploits
  • Exploiting Windows XP with Metasploit
  • Exploiting Windows 7 with Metasploit
  • Client Side exploits

12. Sniffing

  • Introduction
  • ARP Cache poisoning
  • ARP Poisoning with Cain & Abel
  • MITM with SSL Strip

13. Password Cracking

  • Introduction
  • Types of password cracking techniques
  • Password cracking with Hydra
  • Generating custom password dictionaries

C. Mobile Security

14. Introduction to Android

  • Basics
  • Ecosystem
  • History
  • Various Versions
  • Lab setup

15. Android Architecture

  • Introduction
  • Understanding various Layers
  • Dalvik Virtual Machine

16. Android Security Model

  • Android Permission Model
  • Application Sandboxing
  • Inter Process Communication
  • Application Signing
  • Other Security features

17. Android Application Assessments

  • Exploiting vulnerable activities
  • Content Provider leakage
  • SQL Injection
  • Unintended Data leaks
  • Insecure Data Storage

18. Automated Assessments with Drozer

  • Introduction
  • Drozer setup
  • Identifying the attack surface
  • Exploiting SQL Injection
  • Scanning for vulnerabilities

19. Introduction to iOS

  • Basics
  • Ecosystem
  • History
  • Lab setup

20. iOS Security Model

  • Secure Boot Chain
  • App Sandboxing
  • Jailbreaking
  • Application Signing

21. iOS Application Assessments

  • Insecure Local Storage
  • SQL Injection
  • Unintended Data Leakage
  • Runtime manipulation using Cycript
  • Snoop-it

22. Application Cracking and Patching

  • Introduction to Reverse Engineering
  • Introduction to disassemblers
  • Cracking and Patching iOS apps with Hopper