Web Security Testing - Security and Testing of Web Applications using OWASP ( owasp | 21 hours )

Prerequisites:
    A general understanding of the web development lifecycle; experience in web application development, security, and testing.

Audience

    Developers, engineers, architects
Overview:

The Open Web Application Security Project (OWASP) is an online community that creates freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.

OWASP provides the Web Security Testing Guide (WSTG), a framework and tools for identifying vulnerabilities in web applications and services.

This instructor-led, live training (onsite or remote) is aimed at developers, engineers, and architects who want to secure their web applications and services.

By the end of this training, participants will be able to integrate, test, secure, and analyze their web applications and services using the OWASP testing framework and tools.

Course Outline:

Introduction

Exploring the OWASP Testing Project

  • Testing principles
  • Testing techniques
  • Deriving security test requirements
  • Security tests integrated into development and testing workflows
  • Security test data analysis and reporting

Using the OWASP Testing Framework

  • Phase 1: Before development begins
  • Phase 2: During definition and design
  • Phase 3: During development
  • Phase 4: During deployment
  • Phase 5: Maintenance and operations
  • A typical SDLC testing workflow
  • Penetration testing methodologies

Web Application Security Testing

  • Introduction and objectives
  • Information gathering
  • Conduct search engine discovery and reconnaissance for information leakage
  • Fingerprint the web server
  • Review web server metafiles for information leakage
  • Enumerate applications on the web server
  • Review web page content for information leakage
  • Identify application entry points
  • Map execution paths through the application
  • Fingerprint the web application framework
  • Fingerprint the web application
  • Map the application architecture
  • Configuration and deployment management testing
  • Test network/infrastructure configuration
  • Test application platform configuration
  • Test file extension handling for sensitive information
  • Review old, backup, and unreferenced files for sensitive information
  • Enumerate infrastructure and application admin interfaces
  • Test HTTP methods
  • Test HTTP Strict Transport Security
  • Test RIA cross-domain policy
  • Test file permissions
  • Test for subdomain takeover
  • Test cloud storage

Identity Management Testing

  • Test role definitions
  • Test the user registration process
  • Test the account provisioning process
  • Testing for account enumeration and guessable user accounts
  • Testing for weak or unenforced username policy

Authentication Testing

  • Testing for credentials transported over an encrypted channel
  • Testing for default credentials
  • Testing for weak lockout mechanisms
  • Testing for bypassing the authentication schema
  • Testing for vulnerable "remember password" functionality
  • Testing for browser cache weaknesses
  • Testing for weak password policy
  • Testing for weak security question answers
  • Testing for weak password change or reset functionality
  • Testing for weaker authentication in alternative channels

Authorization Testing

  • Testing for directory traversal/file include
  • Testing for bypassing the authorization schema
  • Testing for privilege escalation
  • Testing for insecure direct object references

Session Management Testing

  • Testing for the session management schema
  • Testing for cookie attributes
  • Testing for session fixation
  • Testing for exposed session variables
  • Testing for cross-site request forgery
  • Testing for logout functionality
  • Testing session timeout
  • Testing for session puzzling
  • Testing for session hijacking

Input Validation Testing

  • Testing for reflected cross-site scripting
  • Testing for stored cross-site scripting
  • Testing for HTTP verb tampering
  • Testing for HTTP parameter pollution
  • Testing for SQL injection
  • Testing for Oracle
  • Testing for MySQL
  • Testing for SQL Server
  • Testing PostgreSQL
  • Testing for MS Access
  • Testing for NoSQL injection
  • Testing for ORM injection
  • Testing for client-side injection
  • Testing for LDAP injection
  • Testing for XML injection
  • Testing for SSI injection
  • Testing for XPath injection
  • Testing for IMAP/SMTP injection
  • Testing for code injection
  • Testing for local file inclusion
  • Testing for remote file inclusion
  • Testing for command injection
  • Testing for format string injection
  • Testing for incubated vulnerabilities
  • Testing for HTTP splitting/smuggling
  • Testing for HTTP incoming requests
  • Testing for host header injection
  • Testing for server-side template injection
  • Testing for server-side request forgery

Error Handling Testing

  • Testing for improper error handling
  • Testing for stack traces

Testing for Weak Cryptography

  • Testing for weak transport layer security
  • Testing for padding oracle
  • Testing for sensitive information sent via unencrypted channels
  • Testing for weak encryption

Business Logic Testing

  • Introduction to business logic
  • Test business logic data validation
  • Test the ability to forge requests
  • Test integrity checks
  • Test for process timing
  • Test limits on the number of times a function can be used
  • Testing for circumvention of workflows
  • Test defenses against application misuse
  • Test upload of unexpected file types
  • Test upload of malicious files

Client-Side Testing

  • Testing for DOM-based cross-site scripting
  • Testing for JavaScript execution
  • Testing for HTML injection
  • Testing for client-side URL redirect
  • Testing for CSS injection
  • Testing for client-side resource manipulation
  • Testing cross-origin resource sharing
  • Testing for cross-site flashing
  • Testing for clickjacking
  • Testing WebSockets
  • Testing web messaging
  • Testing browser storage
  • Testing for cross-site script inclusion

API Testing

  • Testing GraphQL

Reporting

  • Introduction
  • Summary
  • Findings
  • Appendix