SANS SEC542.2 Content Discovery, Authentication, and Session Testing
Table of contents of the book Content Discovery, Authentication, and Session Testing:
None
SANS SEC542.3 Injection
Table of contents of the book SANS SEC542.3 Injection:
HTTP Response Security Controls
Command Injection
EXERCISE: Command Injection
File Inclusion and Directory Traversal
EXERCISE: Local/Remote File Inclusion
Insecure Deserialization
EXERCISE: Insecure Deserialization
SQL Injection Primer
Discovering SQLi
Exploiting SQLi
EXERCISE: Error-Based SQLi
SQLi Tools
EXERCISE: sqlmap + ZAP
Summary
SANS SEC542.4 XSS, SSRF, and XXE
Table of contents of the book SANS SEC542.4 XSS, SSRF, and XXE:
Document Object Model (DOM)
Cross-Site Scripting (XSS) Primer
Exercise: HTML Injection
XSS Impacts
BeEF
Exercise: BeEF
Classes of XSS
Exercise: DOM-Based XSS
Discovering XSS
XSS Tools
Exercise: XSS
AJAX
Data Attacks
REST and SOAP
Server-Side Request Forgery (SSRF)
Exercise: Server-Side Request Forgery
XML External Entities (XXE)
Exercise: XXE
Summary
SANS SEC542.5 CSRF, Logic Flaws, and Advanced
Table of contents of the book SANS SEC542.5 CSRF, Logic Flaws, and Advanced:
Cross-Site Request Forgery
Exercise: CSRF
Logic Flaws
Python for Web App Pen Testers
Exercise: Python
WPScan and ExploitDB
Exercise: WPScan and ExploitDB
Burp Scanner
Metasploit
Exercise: Metasploit/Drupalgeddon II
Nuclei
Exercise: Nuclei/Jenkins
When Tools Fail
Exercise: When Tools Fail
Business of Pen Testing: Preparation
Business of Pen Testing: Post Assessment
Summary
Bonus Exercise: Bonus Challenges
SANS SEC549 Workbook
Table of contents of the book Enterprise Cloud Security Architecture:
None
SANS SEC549.1 Cloud Account Management and Identity Foundations
Table of contents of the book Cloud Account Management and Identity Foundations:
Security Architecture in the Cloud
Threat-Modeling the Cloud
Cloud-Native Security Models
Lab 1.1: Threat Modeling S3
Federated Access / Single Sign-On
Managing Users at Scale
Lab 1.2: Centralizing User Provisioning
Creating Hierarchical Cloud Structures
Designing for Policy Inheritance
Lab 1.3: Structure an AWS Organization
Implementing an Identity Foundation
Granting Access to Cloud Resources
Lab 1.4: Transition AWS Access to Roles
SANS SEC549.2 Implementing Zero-Trust in the Cloud
Table of contents of the book Enterprise Cloud Security Architecture:
Introduction to Cloud Migrations
Drivers for Cloud Migrations
Implementing Zero-Trust Architecture
Using Cloud Services to get to ZT
Lab 2.1: Integrating Auth into Legacy Application
Establishing Perimeters for Application Access
Connecting VPC-Aware and Non-VPC Aware Services
Lab 2.2: Creating a Shared VPC Network
Establishing Perimeters for Data Access
Managing S3 Access At Scale
Lab 2.3: Access Control For Shared Data Sets
SANS SEC556.1 Introduction to IoT Network Traffic and Web Services
Table of contents of the book SANS SEC556.1 Introduction to IoT Network Traffic and Web Services:
Internet of Things – History and Overview
IoT Testing Methodology
IoT Network Analysis and Exploitation
Exercise: Analyze an IoT Device Packet Capture
Exercise: Scan and Exploit an IoT Router Device
The Web of Things
IoT Web Services Recon
Exercise: Access a Publicly Exposed IoT Webcam
Hacking IoT Devices on the Web
Attacking IoT Web Service APIs
Exercise: Steal a Car through IoT Web Service APIs
SANS SEC556.2 Exploiting IoT Hardware Interfaces and Analyzing Firmware
Table of contents of the book SANS SEC556.2 Exploiting IoT Hardware Interfaces and Analyzing Firmware:
Background and Importance
Opening the Device
Examining and Identifying Components
Exercise: Obtaining and Analyzing Specification Sheets
Discovering and Identifying Ports
A Soldering Primer
Sniffing, Interaction, and Exploitation of Hardware Ports
Exercise: Sniffing Serial and SPI
Other Ways of Recovering Firmware
Exercise: Recovering Firmware from PCAP
Firmware Analysis
Exercise: Recovering Filesystems with Binwalk
Pillaging the Firmware
Exercise: Pillaging the Filesystem
SANS SEC556.3 Exploiting Wireless IoT Wi-Fi, BLE, Zigbee, LoRa, and SDR
Table of contents of the book SANS SEC556.3 Exploiting Wireless IoT: Wi-Fi, BLE, Zigbee, LoRa, and SDR:
Wi-Fi
Exercise: Wi-Fi PSK Cracking
Bluetooth Low Energy
Exercise: BLE Device Interaction
Zigbee
Exercise: Zigbee Traffic Capture
LoRa
SDR
Exercise: Conducting a Replay Attack on IoT
SANS SEC642.1 Advanced Attacks
Table of contents of the book SANS SEC642.1 Advanced Attacks:
Methodology and Context
EXERCISE: Getting Warmed Up
RFI
LFI
PHP File Upload Attack
EXERCISE: LFI to Code Execution
SQL Injection
Data Exfiltration
EXERCISE: SQL Injection
NoSQL Injection
MongoDB
EXERCISE: MongoDB NoSQL Injection
DOM-Based XSS
Exploiting XSRF
Exercise: Combined XSS and XSRF