پیش‌نیاز شرکت در این دوره

این دوره به طور فشرده مباحث بسیاری را به دانشجویان آموزش خواهد داد. اما پیشنیازهای اولیه برای شرکت در این دوره، دوره‌های Network+ وLpic1 خواهند بود.

توانایی‌های فرد بعد از گذراندن دوره

بعد از گذراندن این دوره، دانشجویان می‌توانند:ویژگی اصلی پکیج دوره‌های تست نفوذ وب، طی کردن دوره‌ها به صورت فشرده و با هزینه مناسب است. علاقمندان پس از گذراندن این دوره، همراه با مدرک معتبر، به عنوان یک متخصص حوزه تست نفوذ وب شناخته خواهند شد و می‌توانند به صورت جدی در این حوزه فعالیت کنند.

سرفصل‌های دوره جامع امنیت وب

CEH
- What is Penetration Testing
- What is Vulnerability Assessments
- What is Red Team
- Type of Hackers
- Technical Phrases and Words
- What is Exploit?
- Penetration Testing Phases
- What is CVE, CPE, CWE
- What is CVSS
- What is Passive/Active Scan Phrase?
- Introduction to Tor and Proxies
- Type of Viruses/Trojans/Backdoors
- Sniffing Concepts and Techniques
- What is Social Engineering
- D/Dos Attacks and Botnet
- What is DMZ/WAF/Monitoring
- IDS/IPS/Firewall/Honeypot
- Introduction to Cloud (Concepts)
- Encryption (AES/DES)(Symmetric/Asymmetric)
- What is Buffer Overflow?

PWK
- Metasploit for WebApp PenTest
- Crunch, CUPP
- Vega, OpenVAS

JS
- Basic Programming Concepts (Variables, DOM, ...)
- Variables, Arrays, I/O, WebAPI
- Conditions, Loops
- Functions, Event Handlers
- Async Concepts and Async Functions (setTimeout, ...)

SQL
- Databases (SQL, NoSQL), RDBMS, Query Language and ORM Concepts
- Install and Configure MySQL and phpMyadmin
- Database, Table and Columns Concepts
- Create, Read, Update, Delete (CRUD)
- Union, Read File, Write File, Hex

PHP
- Basic Programming Concepts
- Variables, Arrays, I/O
- Conditions, Loops
- Functions
- HTTP Methods
- Vulnerable/Dangerous Functions
- Database Connection (MySQL)

Lian Basic Web Application PenTest
- HTTP/S Concepts (HTTP Headers, SSL, HTTP/1.1/2/3, ...)
- Web Servers (Apache, Nginx, IIS)
- Web Application Technologies and Browser Concepts (SPA, AJAX, WebSocket, WebPack, Storages, Modern WebApps vs Classic WebApps, ...)
- Information Gathering
[+] Introduction to OSINT
[+] Usefull Browser Addons
[+] Find Subdomains & Usefull Tools (whois, nslookup, dig, AMASS, WhatWaf, WafW00f, WhatWeb, ...)
[+] Google Hacking
[+] Shodan
- Introduction to BurpSuite
[+] Install and Configure Java
[+] Install CA and Configure Browser
[+] Introduce BurpSuite Features
[+] Intercepting and Actions
[+] Usefull Extensions and Automation
- Be Friend with Your Enemy
[+] Technologies/Business Logic/Authentication Mechanism (Authentication Types)
[+] Spider and Fuzzing (BurpSuite, GoBuster, WFUZZ, SecList, ...)
[+] Username Enumeration (Error Base, Time Base, Response Length, ...)
- Introductions to Vulnerabilities
[+] Install and Configure Bee-Box (bWAPP)
[+] Introduction to OWASP(WSTG)/Top 10/ASVS
- Discover Vulnerabilities and Exploitation
[+] HTML Injection
[+] IFrame Injection
[+] SMTP Injection
[+] OS Command Injection (include Blind Technique)
[+] PHP Code Injection
[+] Server-Side Includes (SSI)
[+] SQL Injection
[+] XML/XPath Injection
[+] Captcha Bypass Techniques (SentryMBA, Insecure Configuration)
[+] Insecure Logout Management Vulnerability
[+] Password Attacks & Weak Password
[+] Cross-Site Scripting (XSS) (Include Beef)
[+] Insecure Direct Object References (IDOR)
[+] Cross-Origin Resource Sharing (AJAX)
[+] Denial-of-Service (Slowloris Vulnerability)
[+] Insecure FTP Configuration
[+] Insecure WebDAV Configuration
[+] Old/Backup & Unreferenced Files
[+] Robots File (Disclosure)
[+] Insecure Way to Save Sensitive Data (Encoding, Weak Hash, ...)
[+] SSL Attacks (Poodle/BEAST/CRIME/BREACH/TLS1.0/SSL Deprecated Version/...)
[+] Clear Text HTTP (Insecure Comminucation)
[+] Heartbleed Vulnerability
[+] Host Header Injection
[+] HTML5 Web Storage
[+] Directory Traversal
[+] Local/Remote File Inclusion (LFI/RFI)
[+] Server-Side Request Forgery (SSRF)
[+] XML External Entity Attacks (XXE)
[+] Cross-Site Request Forgery (CSRF)
[+] Shellshock Vulnerability
[+] Open Redirect Vulnerability
[+] Clickjacking (X-Frame-Options)
[+] Bypass Client-Side Validation
[+] HTTP Parameter Pollution
[+] HTTP Response Splitting
[+] HTTP Verb Tampering
[+] Unrestricted File Upload

Lian Advance Web Application PenTest
[+] Wordpress Vulnerability Discovery and Exploitation
[+] Shell Upload via WAR File in Apache Tomcat
[+] Shell Upload Bypass Techniques
[+] InQL Burp Suite Extension
[+] JSON Hijacking
[+] Command Injection Bypass Techniques
[+] Cross-Site Request Forgery Bypass Techniques
[+] Cross-Site Scripting Bypass Techniques
[+] Cross-Site Scripting to Cross-Site Request Forgery (XSS TO CSRF) Technique
[+] Web Socket Penetration Testing
[+] API Security & Vulnerability Assessment
[+] SOAP Web Service Penetration Testing

Standards (OWASP/PCIDSS/CVSS)
[+] Web Security Testing Guide (WSTG 4.1)
[+] OWASP Top 10 (Web)
[+] OWASP Top 10 (API)
[+] Payment Card Industry Data Security Standard (PCI DSS)
[+] Calculate CVSS 2&3

مخاطبین دوره امنیت و تست نفوذ وب

مخاطبین این دوره تمام کسانی هستند که به حوزه تست نفوذ وب علاقمند بوده و دوره‌های پیشنیاز آن را گذرانده باشند. دانشجویان، متخصصین امنیت، متخصصین IT و کارکنان بخش IT تمام سازمان‌ها، ازجمله مخاطبین اصلی این دوره به شمار می‌روند.