01-SQL Injection Vulnerabilities: Principles and Exploitation
Pre-Knowledge:
Understand the HTTP protocol and be familiar with common databases, scripting languages, and middleware. A basic programming language foundation.
Lesson outline:
Chapter One: SQL Injection basics
1.1 Web Application Architecture Analysis
1.2 SQLi Injection Environment Setup
1.3 SQL Injection Principle Analysis
1.4 MySQL Injection Methods, Logical Operations and Common Functions
1.5 SQL Injection Process
1.6 SQL Manual Injection method
Chapter Two: SQL injection syntax types
2.1 UNION query injection
2.2 UPDATE injection
2.3 INSERT injection
2.4 ORDER BY injection
Chapter Three: SQL blind injection
3.1 SQL blind injection: error-based
3.2 SQL blind injection: Boolean-based
3.3 SQL blind injection: time-based
3.4 DNSlog blind injection
Chapter Four: SQL Injection Defense Bypass
4.1 Wide byte injection
4.2 Double-encoding injection
4.3 Second-order injection
4.4 WAF Bypass Principle analysis
4.5 Writing sqlmap WAF bypass scripts
Chapter Five: MSSQL Database Injection
5.1 MSSQL Database Environment Setup
5.2 MSSQL Database Injection (I)
5.3 MSSQL Database Injection (II)
Chapter Six: Oracle Database Injection
6.1 Oracle Database Environment Setup
6.2 Oracle Database Injection (I)
6.3 Oracle Database Injection (II)
Chapter Seven: Advanced sqlmap in Practice
7.1 sqlmap Working Principle
7.2 sqlmap Advanced Usage Tips
Resources:
"White hat speaks web security"
"Hacker attack and defense technology Treasure-web actual combat article"
02-File Upload Vulnerabilities: Principles and Exploitation
Pre-Knowledge:
Understand how file uploads work, and be proficient with tools such as China Chopper and Burp Suite.
Lesson outline:
Chapter One: File upload vulnerability principle and process
1.1 File Upload Vulnerability principle
1.2 File Upload detection process
Chapter Two: Front-end detection bypass
2.1 Browser-side detection bypass
2.2 Bypassing detection by modifying the submitted request
Chapter Three: Server-side detection bypass
3.1 MIME type detection bypass
3.2 File content detection bypass
3.3 File name extension detection bypass
3.4 Editor vulnerabilities
Chapter Four: Parsing vulnerabilities
4.1 IIS/Nginx + PHP FastCGI value error parsing vulnerability
4.2 Nginx file name logic vulnerability (CVE-2013-4547)
4.3 Apache parsing vulnerability (misconfiguration)
4.4 IIS 5.x/6.0 parsing vulnerability
Chapter Five: Advanced file upload exploitation
5.1 Image re-rendering
5.2 Using phpinfo together with file inclusion
5.3 Online decompression exploits
03-XSS Vulnerabilities: Principles and Exploitation
Chapter One: XSS basics
1.1 Introduction to XSS and its principles
1.2 Stored XSS in practice
1.3 Reflected XSS in practice
1.4 DOM-based XSS in practice
1.5 XSS auxiliary testing tools
Chapter Two: XSS in practice and defense mechanism bypass
2.1 Stored XSS: multi-scenario practice and bypasses in detail
2.2 Reflected XSS: multi-scenario practice and bypasses in detail
2.3 DOM-based XSS: multi-scenario practice and bypasses in detail
Chapter Three: Advanced XSS
3.1 Electron cross-platform XSS: executing system commands
3.2 postMessage XSS
3.3 localStorage XSS
3.4 Flash XSS
3.5 Variant XSS: persistent control
3.6 React XSS
04-Business Logic and Unconventional Vulnerabilities: Principles and Exploitation
Pre-Knowledge:
Familiarity with the Firefox browser and the related development plugin HackBar; knowledge of XML documents.
Lesson outline:
Chapter One: Business logic vulnerabilities
1.1 Permissions Bypass Vulnerability
1.2 Payment Logic Vulnerability
1.3 Password Recovery Vulnerability
1.4 Verification Code Security
Chapter Two: Principles and exploitation of unconventional vulnerabilities
2.1 Principles and exploitation of SSRF vulnerabilities
2.2 Principles and exploitation of XXE vulnerabilities
05-PHP Code Auditing
Pre-Knowledge:
1. Software installation and environment configuration
2. Basic PHP syntax
3. Auditing dangerous PHP functions
4. Basic PHP auditing methods
Lesson outline:
Chapter One: Code audit preparation
1.1 Code audit environment preparation
Chapter Two: PHP code audit basics
2.1 Audit methods and procedures
2.2 Common INI configuration
2.3 Common dangerous functions and special functions (I)
2.4 Common dangerous functions and special functions (II)
2.5 Configuring and using Xdebug
Chapter Three: Auditing dangerous PHP functions
3.1 Command injection
3.2 Audit of installation issues
3.3 SQL numeric injection
3.4 XSS and sensitive back-end operations
3.5 Auditing file inclusion vulnerabilities
3.6 Arbitrary file read
3.7 Unauthorized (privilege-overstepping) operations
3.8 Login password brute forcing
3.9 Truncation injection
06-ThinkPHP Framework Code Auditing
Pre-Knowledge:
1. Basic PHP syntax
2. Basic PHP auditing methods
Lesson outline:
Chapter One: Environment configuration and understanding the framework
1.1 Environment configuration and understanding the framework
Chapter Two: ThinkPHP controller audit
2.1 ThinkPHP controller audit
Chapter Three: SQL injection vulnerability audits
3.1 ThinkPHP where injection
3.2 ThinkPHP table injection
3.3 ThinkPHP field injection
3.4 ThinkPHP alias-union-join injection
3.5 ThinkPHP order-group-having injection
3.6 ThinkPHP comment injection
3.7 ThinkPHP index injection
3.8 ThinkPHP query, execute and aggregate methods
3.9 ThinkPHP exp expression injection-1
3.10 ThinkPHP exp expression injection-2
3.11 ThinkPHP parameter pass-through injection
3.12 ThinkPHP combination injection
Chapter Four: Other types of vulnerability audits
4.1 ThinkPHP logic flaws: unauthorized access
4.2 ThinkPHP template vulnerability
4.3 ThinkPHP PHP tags
4.4 ThinkPHP cache vulnerability
4.5 ThinkPHP Widget
07-Privilege Escalation and Intranet Penetration
Pre-Knowledge:
Operating system permission basics
Operating system permission groups and basic permission commands
Database basics
Kali basics
Basic knowledge of the penetration testing process
Knowledge of intranet information collection
Lesson outline:
Chapter One: Privilege escalation basics
1.1 Overview of privilege escalation
1.2 Privilege escalation based on password cracking
Chapter Two: Operating system privilege escalation
2.1 Windows privilege escalation basics
2.2 Windows privilege escalation practice
2.3 Linux privilege escalation basics
2.4 Linux privilege escalation practice
Chapter Three: Database privilege escalation
3.1 SQL Server database exploitation and privilege escalation
3.2 MySQL database exploitation and privilege escalation
Chapter Four: Metasploit exploitation and privilege escalation
4.1 Metasploit basics
4.2 Using Metasploit for privilege escalation
Chapter Five: Intranet information collection
5.1 Intranet information collection considerations
5.2 Common methods of intranet information collection
Chapter Six: Intranet environment penetration
6.1 Intranet penetration approach and methods
Resources
Chen Xiaobing "exploit and right to exploit"
The flower is boundless "network black and white"
08-Python Security Programming
Pre-Knowledge:
You need to be familiar with the basic syntax of Python (strings, lists and tuples, conditions and loops, file input and output, etc.), and understand web fundamentals (front end, databases, etc.) and web security (vulnerability scanning, port brute forcing, etc.).
Lesson outline:
Chapter One: The application of Python in network security
1.1 The current state of Python in the hacking field
1.2 What we can do with Python
1.3 Chapter One summary
Chapter Two: Getting started with Python security application programming
2.1 Python regular expressions
2.2 Python web programming
2.3 Python multithreading
2.4 Python network programming
2.5 Python database programming
2.6 Chapter Two summary
Chapter Three: Implementing Python crawlers
3.1 Introduction to the Python crawler module BeautifulSoup
3.2 Introduction to the Python crawler module hackhttp
3.3 Crawler examples combining BeautifulSoup and hackhttp
3.4 Crawler multithreading
3.5 Crawler regular expressions
3.6 Seebug crawler in practice (I)
3.7 Seebug crawler in practice (II)
3.8 Baidu URL collection (I)
3.9 Baidu URL collection (II)
3.10 Proxy IP address collection
3.11 ZoomEye collection
3.12 Chapter Three summary
Chapter Four: Writing Python information collection tools
4.1 High-precision dictionary generation (I)
4.2 High-precision dictionary generation (II)
4.3 Web directory scanner (I)
4.4 Web directory scanner (II)
4.5 C-segment web service scan (I)
4.6 C-segment web service scan (II)
4.7 Subdomain scanner (I)
4.8 Subdomain scanner (II)
4.9 Subdomain scanner (III)
4.10 Subdomain scanner (IV)
4.11 Fingerprint identification (I)
4.12 Fingerprint identification (II)
4.13 Chapter Four summary
Chapter Five: Writing Burp Suite plugins in Python
5.1 Writing Burp Suite plugins in Python (I)
5.2 Writing Burp Suite plugins in Python (II)
Resources
Python Grey hat
Python Network data acquisition
09-Internet Enterprise Security Construction
Pre-Knowledge:
Operating System Basics
Directed Programming development knowledge
Familiar with the scanner principle
Understanding the basics of honeypots
Lesson outline:
Chapter One: Security platform construction in enterprise security
1.1 Basic security construction
1.2 Building an open source SIEM platform
1.3 Building a large-scale WAF cluster
1.4 Self-built access system
Chapter Two: Data security in enterprise security construction
2.1 Data leakage prevention
2.2 Host-side database audits
2.3 Network-layer database audits
Chapter Three: Vulnerability scanners and honeypots in enterprise security construction
3.1 Vulnerability scanner
3.2 Honeypots and attack deception
Chapter Four: Case-sharing lesson: promoting and implementing Internet enterprise security from 0 to 1
The "Internet Enterprise Security Construction" course sections describe typical security solutions; this case-sharing lesson covers how to analyze the actual needs of the business, provide the right solutions, and drive their implementation. It draws on a real case of promoting security work inside NetEase, covering how security should position itself constructively when dealing with the business, where security work should start, how to understand the business's security requirements, how to introduce appropriate solutions, and the results finally achieved.
Resources
Advanced Guide to Internet Enterprise security
Open Source Secure operations platform: OSSIM Best Practices
Zhaoyan's WeChat official account
Web Security Engineer (Advanced) curriculum