SANS SEC541.5 Automated Response Actions and CloudWars
Table of contents for Automated Response Actions and CloudWars:
Automated Response Actions
IT Ops Workflows
Security Workflows
EXERCISE: Set Up AutoForensic
Constructing Response Actions
EXERCISE: Run AutoForensic
CloudWars
SANS SEC542.1 Introduction and Information Gathering
Table of contents for Introduction and Information Gathering:
Why the Web?
Application Assessment Methodologies
Web Application Pen Tester’s Toolkit
Interception Proxies
EXERCISE: Configuring Interception Proxies
Open Source Intelligence (OSINT)
Virtual Host Discovery
EXERCISE: Virtual Host Discovery
HTTP Syntax and Semantics
HTTPS and Testing for Weak Ciphers
EXERCISE: Testing HTTPS
Target Profiling
SANS SEC542.2 Content Discovery, Authentication, and Session Testing
Table of contents for Content Discovery, Authentication, and Session Testing:
None
SANS SEC542.3 Injection
Table of contents for SANS SEC542.3 Injection:
HTTP Response Security Controls
Command Injection
EXERCISE: Command Injection
File Inclusion and Directory Traversal
EXERCISE: Local/Remote File Inclusion
Insecure Deserialization
EXERCISE: Insecure Deserialization
SQL Injection Primer
Discovering SQLi
Exploiting SQLi
EXERCISE: Error-Based SQLi
SQLi Tools
EXERCISE: sqlmap + ZAP
Summary
SANS SEC542.4 XSS, SSRF, and XXE
Table of contents for SANS SEC542.4 XSS, SSRF, and XXE:
Document Object Model (DOM)
Cross-Site Scripting (XSS) Primer
Exercise: HTML Injection
XSS Impacts
BeEF
Exercise: BeEF
Classes of XSS
Exercise: DOM-Based XSS
Discovering XSS
XSS Tools
Exercise: XSS
AJAX
Data Attacks
REST and SOAP
Server-Side Request Forgery (SSRF)
Exercise: Server-Side Request Forgery
XML External Entities (XXE)
Exercise: XXE
Summary
SANS SEC542.5 CSRF, Logic Flaws, and Advanced
Table of contents for SANS SEC542.5 CSRF, Logic Flaws, and Advanced:
Cross-Site Request Forgery
Exercise: CSRF
Logic Flaws
Python for Web App Pen Testers
Exercise: Python
WPScan and ExploitDB
Exercise: WPScan and ExploitDB
Burp Scanner
Metasploit
Exercise: Metasploit/Drupalgeddon II
Nuclei
Exercise: Nuclei/Jenkins
When Tools Fail
Exercise: When Tools Fail
Business of Pen Testing: Preparation
Business of Pen Testing: Post Assessment
Summary
Bonus Exercise: Bonus Challenges
SANS SEC549 Workbook
Table of contents for Enterprise Cloud Security Architecture:
None
SANS SEC549.1 Cloud Account Management and Identity Foundations
Table of contents for Cloud Account Management and Identity Foundations:
Security Architecture in the Cloud
Threat-Modeling the Cloud
Cloud-Native Security Models
Lab 1.1: Threat Modeling S3
Federated Access / Single Sign-On
Managing Users at Scale
Lab 1.2: Centralizing User Provisioning
Creating Hierarchical Cloud Structures
Designing for Policy Inheritance
Lab 1.3: Structure an AWS Organization
Implementing an Identity Foundation
Granting Access to Cloud Resources
Lab 1.4: Transition AWS Access to Roles
SANS SEC549.2 Implementing Zero-Trust in the Cloud
Table of contents for Enterprise Cloud Security Architecture:
Introduction to Cloud Migrations
Drivers for Cloud Migrations
Implementing Zero-Trust Architecture
Using Cloud Services to get to ZT
Lab 2.1: Integrating Auth into Legacy Application
Establishing Perimeters for Application Access
Connecting VPC-Aware and Non-VPC Aware Services
Lab 2.2: Creating a Shared VPC Network
Establishing Perimeters for Data Access
Managing S3 Access At Scale
Lab 2.3: Access Control For Shared Data Sets
SANS SEC555 Workbook Sections 1-2
Table of contents for SANS SEC555 Workbook Sections 1-2:
None
SANS SEC555 Workbook Sections 3-5
Table of contents for SANS SEC555 Workbook Sections 3-5:
None