Professional Documents
Culture Documents
PWD at a glance:
16 highly educative modules
25+ hrs of video about practical
web application attack and
defense
3000+ interactive slides
20 labs to practice with
Leads to eWDP certification
Aligned with OWASP Testing Guide
and beyond
Most practical, up-to-date and
straight-forward course on Web
Application Defense
SYLLABUS
v1 (25/11/2013)
Course description:
Practical Web Defense (PWD) is a practical course about Web application
defense against real-world attacks. A fully guided and practical course about
how web applications are attacked in the real world and what you can do to
mitigate each and every attack.
We prove to you exactly how each attack works, what the impact of each attack
is, how to fix it, and how the exploit no longer works after the fix. We also give
you fully illustrated practical advice about how to simplify defense and
implement attack mitigations that actually work.
The course will walk you through the process of identifying security issues,
determine how they could be exploited, implement demonstration proof-ofconcept exploits, implement fixes for these security issues and verify that the
fixes work using your proof-of-concept exploits again.
Lessons are highly practical and will provide the knowledge and hands-on
experience necessary to: identify, attack, fix and verify security issues in web
applications.
Our labs will use relatively simple PHP applications and web services that
implement vulnerabilities for all issues in the OWASP Testing Guide so that you
know what the problem looks like in the real-world. At the same time, these
applications are simple enough so that even those without PHP experience will
be able to apply the concepts to their relevant platform. Similarly, penetration
testers without professional development experience are likely to be able to
follow these examples without getting lost. This is particularly true given our
guided Video-Lab course format, which will walk you through every step in the
process.
We will additionally teach you about what to do when you do not have access to
source code or need to secure web applications without being able to change
the code (i.e. until the next release or resources are available) using Virtual
Patching.
PENETRATION TESTERS
DEVELOPERS
Who will learn what they are defending from, how to implement effective
defenses and how to verify if these defenses work.
We cover pretty much everything in the OWASP Testing Guide and in many
cases we go beyond that providing real actionable mitigation advice that you can
use in the real world. This course is practical, we wont bore you with theories
and we hope you have as much fun taking the course as we had writing it.
If you are willing to put the time to learn about practical web application attack
and defense, then this course is for you.
Organization of Contents
The student is provided with a suggested learning path to ensure the maximum
success rate and the minimum effort.
-
INTRODUCTION
1. OWASP ZAP BASICS
1.1. Starting ZAP
1.2. Setting up interception of HTTP
traffic
1.3. Inspecting HTTP traffic
1.4. Spidering a website
1.5. Scanning a website
1.6. HTTP request replay
1.7. Tactical Fuzzing
1.8. Break points: Interactive HTTP
tampering
1.9. ZAP Add-ons
1.10. ZAP User Guide
1.11. Further reading
2. OWASP OWTF BASICS
2.1. Installing OWTF in Kali
2.2. OWTF usage options
2.3. Further reading
3. CURL BASICS
3.1. Starting curl
3.2. Installing lynx
3.3. Basic curl usage
3.4. Further reading
INTRODUCTION
2.1.
2.2.
2.3.
2.4.
2.5.
Introduction
What the problem is
How can I see if I am vulnerable to this?
How can I fix this?
Removing metadata before deploying
to production
2.6. Removing comments before deploying
to production
2.7. Further reading
3. WEB SERVER SOFTWARE IN USE AND
PATCHING
3.1. Introduction
3.2. What the problem is
3.3. How can I see if I am vulnerable to this?
3.4. How can I fix this?
3.5. Patching and mitigation:
3.6. Hiding the software version (Obscurity):
3.7. Further reading
4. SERVICES, PORT SCANNING AND WHOIS - APP
DISCOVERY
4.1. Introduction
4.2. What the problem is
4.3. How can I see if I am vulnerable to this?
4.4. Regular port-scans:
4.5. Regular verification of whois records:
4.6. Regular verification of DNS records
4.7. How can I fix this?
4.8. The minimum number of ports are open on
your web server
4.9. Whois records are generic-enough
INTRODUCTION
1. ADMIN INTERFACES AND DEFAULT
PASSWORDS
1.1. Introduction
1.2. What the problem is
1.3. How can I see if I am vulnerable to this?
1.4. How can I fix this?
1.5. Further reading
2. DATABASE LISTENERS AND CONNECTION
STRINGS
2.1. Introduction
2.2. What the problem is
2.3. How can I see if I am vulnerable to this?
2.4. How can I fix this?
2.5. Further reading
3. ENABLED HTTP METHODS
3.1. Introduction
3.2. What the problem is
3.3. How can I see if I am vulnerable to this?
3.4. How can I fix this?
3.5. Further reading
4. OLD, BACKUP AND UNREFERENCED FILES
4.1. Introduction
4.2. What the problem is
4.3. How can I see if I am vulnerable to this?
4.4. How can I fix this?
4.5. Further reading
5. FILE UPLOADS AND FILE EXTENSION
HANDLING
5.1. Introduction
5.2. What the problem is
5.3. How can I see if I am vulnerable to this?
5.4. How can I fix this?
5.5. Further reading
6. INFRASTRUCTURE AND APPLICATION
CONFIGURATION MANAGEMENT
6.1. Introduction
6.2. What the problem is
10
11
Module 4: Authentication
This module focuses on
specific
defense
tactics
against
authentication
attacks.
Authentication refers to
protection mechanisms of
content that requires to be
logged
into
a
web
application,
common
protections here are login,
forgotten
password
or
multiple
factor
authentication (MFA).
This module, will cover how
these protections may be
attacked and how defenders
can
implement
tactical
protections against these
attacks.
INTRODUCTION
1. CREDENTIALS TRANSPORTED OVER AN ENCRYPTED
CHANNEL
1.1. Introduction
1.2. What the problem is
1.3. How can I see if I am vulnerable to this?
1.4. How can I fix this?
1.5. Further reading
2. USER ENUMERATION AND GUESSABLE ACCOUNTS
2.1. Introduction
2.2. What the problem is
2.3. How can I see if I am vulnerable to this?
2.4. How can I fix this?
2.5. Further reading
3. BRUTE FORCE, DEFAULT CREDENTIALS AND LOCK
OUT
3.1. Introduction
3.2. What the problem is
3.3. How can I see if I am vulnerable to this?
3.4. How can I fix this?
3.5. Further reading
4. BYPASSING THE AUTHENTICATION SCHEMA AND
REMEMBER ME
4.1. Introduction
4.2. What the problem is
4.3. How can I see if I am vulnerable to this?
4.4. How can I fix this?
4.5. Further reading
5. THE BROWSER CACHE AND AUTOCOMPLETE
5.1. Introduction
5.2. What the problem is
5.3. How can I see if I am vulnerable to this?
5.4. How can I fix this?
5.5. Further reading
6. PASSWORD POLICIES
6.1. Introduction
6.2. What the problem is
6.3. How can I see if I am vulnerable to this?
12
13
Module 5: Authorization
INTRODUCTION
This module focuses on specific
defense tactics against authorization
1. PATH TRAVERSAL AND LFI
attacks.
1.1.
1.2.
1.3.
1.4.
1.5.
Introduction
What the problem is
How can I see if I am vulnerable to this?
How can I fix this?
Further reading
14
INTRODUCTION
1. BYPASSING THE SESSION MANAGEMENT
SCHEMA
1.1. Introduction
1.2. What the problem is
1.3. How can I see if I am vulnerable to this?
1.4. How can I fix this?
1.5. Further reading
3. SESSION FIXATION
3.1. Introduction
3.2. What the problem is
3.3. How can I see if I am vulnerable to this?
3.4. How can I fix this?
3.5. Further reading
4. EXPOSED SESSION VARIABLES
4.1. Introduction
4.2. What the problem is
4.3. How can I see if I am vulnerable to this?
4.4. How can I fix this?
4.5. Further reading
5. CROSS-SITE REQUEST FORGERY (CSRF)
5.1. Introduction
5.2. What the problem is
5.3. How can I see if I am vulnerable to this?
5.4. How can I fix this?
5.5. Further reading
15
1.1.
1.2.
1.3.
1.4.
1.5.
Introduction
What the problem is
How can I see if I am vulnerable to this?
How can I fix this?
Further reading
16
SCRIPTING (XSS)
1.1. Introduction
1.2. What the problem is
1.3. How can I see if I am vulnerable to this?
1.4. How can I fix this?
1.5. Further reading
17
7. SSI INJECTION
7.1. Introduction
7.2. What the problem is
7.3. How can I see if I am vulnerable to this?
7.4. How can I fix this?
7.5. Further reading
8. XPATH INJECTION
8.1. Introduction
8.2. What the problem is
8.3. How can I see if I am vulnerable to this?
8.4. How can I fix this?
8.5. Further reading
9. MX INJECTION (IMAP/POP3/SMTP)
9.1. Introduction
9.2. What the problem is
9.3. How can I see if I am vulnerable to this?
9.4. How can I fix this?
9.5. Further reading
10. CODE INJECTION AND RFI
10.1. Introduction
10.2. What the problem is
10.3. How can I see if I am vulnerable to this?
10.4. How can I fix this?
10.5. Further reading
11. COMMAND INJECTION
11.1. Introduction
11.2. What the problem is
11.3. How can I see if I am vulnerable to this?
11.4. How can I fix this?
11.5. Further reading
12. BUFFER OVERFLOW
12.1. Introduction
12.2. What the problem is
12.3. How can I see if I am vulnerable to this?
12.4. How can I fix this?
12.5. Further reading
13. HTTP SPLITTING/SMUGGLING
13.1. Introduction
13.2. What the problem is
13.3. How can I see if I am vulnerable to this?
18
19
Module 9: Cryptography
This module focuses on specific INTRODUCTION
defense tactics against attacks to try
to get around cryptographic security 1. CRYTOGRAPHY AND DATA STORAGE
1.1. Introduction
controls.
1.2.
1.3.
1.4.
1.5.
20
Introduction
What the problem is
How can I see if I am vulnerable to this?
How can I fix this?
Further reading
2.2.
2.3.
2.4.
2.5.
21
Introduction
Basic XML-RPC usage
Fingerprinting XML-RPC web services
Attacking XML-RPC web services
XML-RPC defense guidelines
2.1.
2.2.
2.3.
2.4.
2.5.
Introduction
Basic JSON-RPC usage
Fingerprinting JSON-RPC web services
Attacking JSON-RPC web services
JSON-RPC defense guidelines
3. SOAP BASICS
3.1. Introduction
3.2. Basic SOAP usage
3.3. Fingerprinting SOAP web services
3.4. Attacking SOAP web services
3.5. SOAP defense guidelines
4. REST BASICS
4.1. Introduction
4.2. Basic REST usage
4.3. Fingerprinting REST web services
4.4. Attacking REST web services
4.5. REST defense guidelines
5. WEB SERVICE INFORMATION GATHERING
5.1. Introduction
5.2. What the problem is
5.3. How can I see if I am vulnerable to this?
5.4. How can I fix this?
5.5. Further reading
6. SOAP/REST ACTION SPOOFING
6.1. Introduction
6.2. What the problem is
6.3. How can I see if I am vulnerable to this?
6.4. How can I fix this?
6.5. Further reading
22
7. XML ATTACKS
7.1. Introduction
7.2. How can I see if I am vulnerable to this?
7.3. How can I fix this?
7.4. Further reading
8. FILE UPLOAD ATTACKS
8.1. Introduction
8.2. How can I see if I am vulnerable to this?
8.3. How can I fix this?
8.4. Further reading
9. REPLAY ATTACKS
9.1. Introduction
9.2. What the problem is
9.3. How can I see if I am vulnerable to this?
9.4. How can I fix this?
9.5. Further reading
23
Introduction
What the problem is
How can I see if I am vulnerable to this?
How can I fix this?
Further reading
24
1.1.
1.2.
1.3.
1.4.
1.5.
Introduction
What the problem is
How can I see if I am vulnerable to this?
How can I fix this?
Further reading
25
INTRODUCTION
26
27
3. INTRUSION DETECTION
3.1. Introduction
3.2. Techniques
3.3. Automated solutions
3.4. Further reading
4. INTRUSION PREVENTION
4.1. Introduction
4.2. Automated solutions
4.3. Further reading
28
INTRODUCTION
1. PRELIMINARIES: GOVERNANCE
1.1. Introduction
1.2. Strategy and Metrics
1.3. Policy and Compliance
1.4. Training
1.5. Further reading
2. PRE-DEVELOPMENT: THREAT MODELING AND
DESIGN
2.1. Introduction
2.2. Types of attacker and motivations
2.3. Attack models
2.4. Example Design Requirements
2.5. Further reading
3. DEVELOPMENT: ARCHITECTURE
3.1. Introduction
3.2. Architectural decision examples
3.3. Architecture review and validation
3.4. Further reading
4. DEVELOPMENT: CODE REVIEWS
4.1. Introduction
4.2. Static analysis tools
4.3. Manual reviews
4.4. Further reading
5. DEVELOPMENT: SECURITY TESTING
5.1. Introduction
5.2. Dynamic analysis tools
5.3. Manual dynamic analysis
5.4. Further reading
6. DEPLOYMENT: HARDENING
6.1. Introduction
6.2. OS hardening
6.3. Web server hardening
6.4. Application hardening
6.5. Further reading
7. DEPLOYMENT: PENETRATION TESTING
7.1. Introduction
29
7.2.
7.3.
7.4.
7.5.
7.6.
30
About eLearnSecurity
A leading innovator in the field of practical, hands-on IT security training.
Based in Pisa (Italy), Dubai (UAE) and in San Jose (USA), eLearnSecurity is a leading
provider of IT security and penetration testing courses including certifications for IT
professionals.
eLearnSecurity's mission is to advance the career of IT security professionals by
providing affordable and comprehensive education and certification.
All eLearnSecurity courses utilize engaging eLearning and the most effective mix of
theory, practice and methodology in IT security - all with real-world lessons that
students can immediately apply to build relevant skills and keep their organization's
data and systems safe.
eLearnSecurity 2013
Via Matteucci 36/38
56124 Pisa, Italy
31