Web Application Security


Course content and objectives

- Web application security is a topic of great interest to many agencies and organizations, for example how to defend against SQL injection attacks, or how to keep spammers from abusing Google's Sidewiki mechanism to defame an organization's website. To be equipped with the knowledge to prevent attacks and protect web applications, administrators need to master the methods attackers commonly use to exploit and attack their web applications, so that they can then devise the most appropriate hardening and security measures.

- At the end of the course, students will be fully equipped with the skills to defend and protect web applications against common attacks. In addition, the course provides knowledge of potential threats and of the attack methods hackers commonly use against web applications.

Duration: 05 days

Detailed content:

1. Hacking Web Apps

What Is Web Application Hardening?

  • GUI Web Hacking And Hardening
  • URI Hacking And Hardening
  • Methods, Headers, and Body
  • Resources
  • Authentication, Sessions, and Authorization
  • The Web Client and HTML
  • Other Protocols

Why Harden And Attack Web Applications?

  • Who, When, and Where?
  • Weak Spots

How Are Web Apps Attacked?

  • The Web Browser
  • Browser Extensions
  • HTTP Proxies
  • Command-line Tools
  • Older Tools

2. Profiling

Infrastructure Profiling

  • Footprinting and Scanning: Defining Scope
  • Basic Banner Grabbing
  • Advanced HTTP Fingerprinting
  • Infrastructure Intermediaries

Application Profiling

  • Manual Inspection
  • Using Search Tools for Profiling
  • Automated Web Crawling
  • Common Web Application Profiles

General Countermeasures

  • A Cautionary Note
  • Protecting Directories
  • Protecting Include Files
  • Miscellaneous Tips

3. Hacking And Hardening Web Platforms

  • Point-and-click Exploitation Using Metasploit
  • Manual Exploitation
  • Evading Detection
  • Web Platform Security Best Practices
  • Common Best Practices
  • IIS Hardening
  • Apache Hardening
  • PHP Best Practices

4. Attacking And Hardening Web Authentication

Web Authentication Threats

  • Username/Password Threats
  • Strong(er) Web Authentication
  • Web Authentication Services

Bypassing Authentication

  • Token Replay
  • Identity Management
  • Client-side Piggybacking
  • Some Final Thoughts: Identity Theft

5. Hardening And Attacking Web Authorization

  • Crawling ACLs
  • Identifying Access/Session Tokens
  • Analyzing Session Tokens
  • Differential Analysis
  • Role Matrix
  • Attacking ACLs
  • Manual Prediction
  • Automated Prediction
  • Capture/Replay
  • Session Fixation

Authorization Attack Case Studies

  • Horizontal Privilege Escalation
  • Vertical Privilege Escalation
  • Differential Analysis
  • Using Curl to Map Permissions

Authorization Best Practices

  • Web ACL Best Practices
  • Web Authorization/Session Token Security
  • Security Logs

6. Input Validation Attacks

  • Expect the Unexpected
  • Where to Find Attack Vectors
  • Bypass Client-side Validation Routines
  • Common Input Validation Attacks
  • Buffer Overflow
  • Canonicalization (dot-dot-slash)
  • HTML Injection
  • Boundary Checks
  • Manipulate Application Behavior
  • SQL Injection and Datastore Attacks
  • Command Execution
  • Encoding Abuse
  • PHP Global Variables
  • Common Side-effects

7. Attacking And Hardening Web Datastores

SQL Primer

  • Syntax
  • SQL Injection Discovery
  • Syntax and Errors
  • Semantics and Behavior
  • Alternate Character Encoding
  • Exploit SQL Injection Vulnerabilities
  • Alter a Process
  • Query Alternate Data
  • Platforms

Other Datastore Attacks

  • Input Validation
  • Decouple Query Logic from Query Data
  • Database Encryption
  • Database Configuration

8. Attacking And Hardening XML Web Services

What Is a Web Service?

  • Transport: SOAP Over HTTP(S)
  • WSDL
  • Directory Services: UDDI and DISCO
  • Similarities to Web Application Security
  • Attacking Web Services
  • Web Service Security Basics
  • Web Services Security Measures

9. Attacking And Hardening Web Application Management

Remote Server Management

  • Telnet
  • SSH
  • Proprietary Management Ports
  • Other Administration Services

Web Content Management

  • FTP
  • SSH/scp
  • FrontPage
  • WebDAV

Admin Misconfigurations

  • Unnecessary Web Server Extensions
  • Information Leakage

Developer-driven Mistakes

10. Hacking And Hardening Web Clients

  • Exploits
  • Trickery
  • General Countermeasures
  • IE Security Zones
  • Firefox Secure Configuration
  • Low-privilege Browsing
  • Server-side Countermeasures

11. Denial-of-Service (DoS) Attacks And Defence

  • Common DoS Attack Techniques
  • Old School DoS: Vulnerabilities
  • Modern DoS: Capacity Depletion
  • Application-layer DoS
  • General DoS Countermeasures
  • Proactive DoS Mitigation
  • Detecting DoS
  • Responding to DoS

12. Full-Knowledge Analysis

Threat Modeling

  • Clarify Security Objectives
  • Identify Assets
  • Architecture Overview
  • Decompose the Application
  • Identify and Document Threats
  • Rank the Threats
  • Develop Threat Mitigation Strategies

Code Review

  • Manual Source Code Review
  • Automated Source Code Review
  • Binary Analysis

Security Testing of Web App Code

  • Fuzzing
  • Test Tools, Utilities, and Harnesses
  • Pen-testing

Security in the Web Development Process

  • People
  • Process
  • Technology

13. Web Application Security Scanners

Technology: Web App Security Scanners

  • The Testbed
  • The Tests
  • Reviews of Individual Scanners
  • Overall Test Results

Non-technical Issues

  • Process
  • People
