امن افزار رایکا

فهرست مطالب کتاب Cloud Service and Data Discovery:

Capital One Attack

Metadata Service and GuardDuty

EXERCISE: Metadata and GuardDuty

Cloud Inventory

EXERCISE: Cloud Inventory

Data Discovery

EXERCISE: Detecting Sensitive Data

Vulnerability Analysis Services

EXERCISE: Vulnerability Analysis

Data Centralization Techniques

EXERCISE: Data Centralization with Graylog

فهرست مطالب کتاب Introduction and Information Gathering:

Why the Web?

Application Assessment Methodologies

Web Application Pen Tester’s Toolkit

Interception Proxies

EXERCISE: Configuring Interception Proxies

Open Source Intelligence (OSINT)

Virtual Host Discovery

EXERCISE: Virtual Host Discovery

HTTP Syntax and Semantics

HTTPS and Testing for Weak Ciphers

EXERCISE: Testing HTTPS

Target Profiling

فهرست مطالب کتاب SANS SEC542.5 CSRF, Logic Flaws, and Advanced:

Cross-Site Request Forgery

Exercise: CSRF

Logic Flaws

Python for Web App Pen Testers

Exercise: Python

WPScan and ExploitDB

Exercise: WPScan and ExploitDB

Burp Scanner

Metasploit

Exercise: Metasploit/Drupalgeddon II

Nuclei

Exercise: Nuclei/Jenkins

When Tools Fail

Exercise: When Tools Fail

Business of Pen Testing: Preparation

Business of Pen Testing: Post Assessment

Summary

Bonus Exercise: Bonus Challenges