OffSec - WEB300

WEB-300: Advanced Web Attacks and Exploitation(線上課程及認證考試方案)

WEB-300: Advanced Web Attacks and Exploitation
  • 時數:0小時
  • 費用:NT$ 57,570
  • 點數:不適用企業點數

選擇查詢分區開課時間

地點 班號 日期 時間 預約

目前查無開課時段

詳細開課時間請洽詢業務
新竹、台中、高雄如有上課需求,請參考台北開課日期,洽當地服務人員依需求加開遠距開課日期

聯絡恆逸

教材

原廠電子教材

課程目標

Advanced Web Attacks and exploitation (WEB-300) is an advanced web application security course that teaches the skills needed to conduct white box web app penetration tests. Learners who complete the course and pass the exam earn the OffSec Web Expert (OSWE) certification and will demonstrate mastery in exploiting front-facing web apps. The OSWE is one of three certifications making up the OSCE³ certification along with the OSEP for advanced pentesting and OSED for exploit development.

線上課程方案介紹 (恆逸金銀卡會員另有優惠)

● Course & Cert Exam Bundle:NT57,570/一次性(含90天Lab與1次考試)

● Learn One: NT90,490/一年(含365天Lab與2次考試)

● Learn Unlimited:NT200,000/(含365天Lab與無限次考試)

適合對象

  1. Experienced penetration testers who want to better understand white box web app pentesting
  2. Web application security specialists
  3. Web professionals working with the codebase and security infrastructure of a web application

預備知識

  1. Comfort reading and writing at least one coding language
  2. Familiarity with Linux
  3. Ability to write simple Python / Perl / PHP / Bash scripts
  4. Experience with web proxies
  5. General understanding of web app attack vectors, theory, and practice

課程內容

  1. Introduction
  2. Tools & Methodologies
  3. ATutor Authentication Bypass and RCE
  4. ATutor LMS Type Juggling Vulnerability
  5. ManageEngine Applications Manager AMUserResourcesSyn cServlet SQL Injection RCE
  6. Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability
  7. DotNetNuke Cookie Deserialization RCE
  8. ERPNext Authentication Bypass and Server Side Template Injection
  9. openCRX Authentication Bypass and Remote Code Execution
  10. openITCOCKPIT XSS and OS Command Injection - Blackbox
  11. Concord Authentication Bypass to RCE
  12. Server Side Request Forgery
  13. Guacamole Lite Prototype Pollution
  14. Conclusion

學會技能

  1. Perform a deep analysis on decompiled web app source code
  2. Identify logical vulnerabilities that many enterprise scanners are unable to detect
  3. Combine logical vulnerabilities to create a proof of concept on a web app
  4. Exploit vulnerabilities by chaining them into complex attacks

備註事項

報名請上OffSec全系列線上課程平台

推薦課程