The training camp is divided into four parts. The first part introduces the approach to code auditing and several basic examples of web vulnerability audits, such as SQL injection, XSS, and CSRF. The second part covers further web vulnerabilities, such as file-related vulnerabilities. The third part covers more in-depth web vulnerabilities, such as session authentication. The fourth part covers the use of code audit tools and a summary of the course.
- Cause of Code Execution Vulnerability
- Code Execution Vulnerability prevention
- XSS vulnerability audit
- SQL injection vulnerability audit
- File upload vulnerability audit
- Audit of identity authentication vulnerability
- Code Execution Vulnerability function
- Command injection vulnerability audit
- CSRF vulnerability audit
- File inclusion vulnerability audit
- Variable overwrite vulnerability audit
- Use of code audit tools
Experiment 1 Introduction and preparation
Knowledge points: 1. Get started with code audit and learn the code audit mindset; 2. Understand the causes of web vulnerabilities at the code level; 3. Learn basic defenses against web vulnerabilities
Experiment 2 Code Execution Vulnerability audit
Knowledge points: 1. Causes of code execution vulnerabilities; 2. Code execution vulnerability functions; 3. Code execution vulnerability defense
Experiment 3 command injection vulnerability audit
Knowledge points: 1. What is a command injection vulnerability? 2. Which functions are related to command injection vulnerabilities? 3. How to prevent command injection vulnerabilities?
Experiment 4 XSS vulnerability audit
Knowledge points: 1. What is an XSS vulnerability? 2. How are XSS vulnerabilities classified? 3. How to prevent XSS vulnerabilities?
Experiment 5 CSRF vulnerability audit
Knowledge points: 1. What is a CSRF vulnerability? 2. What is the difference between CSRF and XSS? 3. How to prevent CSRF vulnerabilities?
Experiment 6 SQL injection vulnerability audit
Knowledge points: 1. Causes of SQL injection vulnerabilities; 2. SQL injection vulnerability classification; 3. SQL injection vulnerability defense
Experiment 7 File inclusion vulnerability audit
Knowledge points: 1. What is a file inclusion vulnerability? 2. What are the categories of file inclusion vulnerabilities? 3. How to prevent file inclusion vulnerabilities?
Experiment 8 file upload vulnerability audit
Knowledge points: 1. What is a file upload vulnerability? 2. Which functions are related to file upload vulnerabilities? 3. How to prevent file upload vulnerabilities?
Experiment 9 Variable overwrite vulnerability audit
Knowledge points: 1. What is a variable overwrite vulnerability? 2. Which functions are involved in variable overwrite vulnerabilities? 3. How to prevent variable overwrite vulnerabilities?
Experiment 10 identity authentication vulnerability audit
Knowledge points: 1. What is an identity authentication vulnerability? 2. Cookie and session security; 3. How to prevent identity authentication vulnerabilities?
Experiment 11 code audit tool use
Knowledge points: 1. Introduction to code audit tools; 2. Detailed use of RIP
Experiment 12 code audit course summary
Code audit is the process of examining source code for flaws and errors, analyzing and identifying the security vulnerabilities these problems cause, and providing remediation measures and recommendations. Through code audit, we can gain a deep understanding of the causes of common web vulnerabilities and how to defend against them.
Experiment tasks
- Code Execution Vulnerability prevention
- Command injection vulnerability prevention
- XSS vulnerability prevention
- CSRF vulnerability prevention
- SQL injection vulnerability prevention
- File inclusion vulnerability defense
- File upload vulnerability prevention
- Variable overwrite vulnerability prevention
- Identity authentication vulnerability defense
- Use of code audit tools
Course information
- Learning cycle: the course is valid for 2 months. After 2 months, the experiment documents remain readable, but the online experiments can no longer be run. Premium members can study at any time while their membership is valid; once the membership expires, the course is no longer available (the documents cannot be read).
- Course price: discounted price of 59 yuan.
- Enterprise group enrollment: you can get more support services.
Jewel591 has published 3 courses in total
Blog: jewel591.fun, welcome to visit