This course combines in-person and online sessions for a total of 40 hours. 32 hours of instruction will be held online, and an 8-hour workshop will be held in person at Ferdowsi University of Mashhad. In addition, participants improve their skills by completing exercises and graded assignments, and after finishing the course and earning a passing score on the final exam, they receive a valid certificate from the APA Laboratory.
1. Introduction to bootcamp
Course Overview
Course Structure
Prerequisites
Course Objectives
Getting Started!
2. Operating System
Windows
Architecture
Mac
Linux
Learning Linux for Web Application Penetration Testing
3. Networking
Basic Computer Networking
Subnetting
Gateway
Terminologies
Protocols
4. Web Applications
Definition and Importance
Evolution of Web Applications
Common uses and Examples
Web Application Architecture
Frontend vs. Backend
Three-tier architecture
Fundamentals of Web Technologies
HTML, CSS, JavaScript: Basics and interactions
Client-server architecture
HTTP protocol: Understanding request-response cycle
HTTPS protocol
Common Web Application Technologies
Server-side scripting languages (e.g., PHP, Python, ASP)
Frameworks (e.g., Laravel, Django, .NET)
Databases (e.g., MySQL, PostgreSQL, MongoDB)
Types of Web Applications
Static
Dynamic Web Applications
Single-Page Applications (SPAs)
Progressive Web Applications (PWAs)
E-Commerce Web Application
Portal Web Application
Content Management System (CMS) Web Application
Rich Internet Applications (RIA)
5. Introducing Penetration Testing
Overview of Penetration Testing
Penetration Testing Phases
Types of Penetration Testing
Key Concepts in Penetration Testing
Benefits of Penetration Testing
Challenges and Considerations
Roles and Responsibilities
Web Application Security Fundamentals
OWASP
OWASP Top 10 vulnerabilities
Security by design principles
Importance of secure coding practices
Case Studies and Examples
7. Tools
8. Setting Up Penetration Testing Environment
Understanding Penetration Testing Environment
Selecting and Installing Operating Systems
Installing Penetration Testing Tools
Setting Up Practice Environments
8. Penetration Testing
Security Misconfigurations
Default Accounts and Settings
Unnecessary services and ports
Insecure network configurations
Exposed sensitive data
Missing security headers
Lack of Proper Error Handling
Using Components with Known Vulnerabilities
Outdated Libraries or Frameworks
Unpatched Software
Vulnerable Plugins or Extensions
Unverified components
Improper Logging and Monitoring
Insufficient event logging
Unsecured log storage
Logging sensitive information
Log Injection
Broken Authentication
Weak or predictable passwords
Session hijacking
Session replay
Session timeout issues
Username enumeration
Poor credential management
Brute Force Attacks
Session Fixation
Insecure Password Storage
Insecure authentication protocols
Insecure password recovery mechanisms
Cross-Site Request Forgery (CSRF)
File Upload Vulnerabilities
Unrestricted File Upload
Improper file type validation
Malicious File Execution
Insufficient file size limits
Failure to sanitize file names
Lack of server-side validation
Insecure file permissions
Content validation bypass
Client-side vulnerabilities
Server-side code execution
Broken Cryptography
Insecure cryptographic protocols
Insecure key management
Weak Encryption Algorithms
Insecure cryptographic usage
Injection Vulnerabilities
SQL Injection (SQLi)
Classic
Blind
Error-Based
Union-Based
Time-Based
Command Injection
NoSQL Injection
Cross-Site Scripting (XSS)
Reflected XSS
Stored XSS
DOM-Based XSS
SSI Injection (Server-Side Includes)
OS Command Injection
Path Traversal (Directory Traversal)
XML Injection
Broken Access Control
Insecure Direct Object References (IDOR)
Missing Function Level Access Control
Insecure Access Control Methods
Insufficient Authorization Checks
Privilege Escalation
9. Information Gathering
Introduction to Information Gathering
Importance
Goals and objectives
Passive Information Gathering Techniques
Publicly Available Information
WHOIS Lookup
DNS Enumeration
OSINT (Open Source Intelligence)
Active Information Gathering Techniques
Port Scanning
Service Enumeration
Vulnerability Scanning
Banner Grabbing
Brute Force Attacks
Information Gathering for Specific Vulnerabilities
Security Misconfigurations
Using Components with Known Vulnerabilities
Improper Logging and Monitoring
Broken Authentication
File Upload Vulnerabilities
Broken Cryptography
Injection Vulnerabilities
Broken Access Control
10. Legal and Ethical Considerations
Ensuring compliance with laws, regulations, and ethical guidelines when conducting information gathering activities
Understanding the boundaries of permissible information gathering and respecting privacy rights
11. Practice and Task
12. Exam