Hacking Book | Free Online Hacking Learning

Learning web security through code auditing

Posted by harmelink at 2020-03-07
The training camp is divided into four parts. The first part introduces the idea of code auditing and several basic examples of web vulnerability audits, such as SQL injection, XSS, and CSRF. The second part goes further into web vulnerabilities, such as file-related web vulnerabilities. The third part covers more in-depth web vulnerabilities, such as session authentication. The fourth part introduces the use of code audit tools and summarizes the course.

Experiment 1 Introduction and preparation

Knowledge points: 1. Get started with code auditing and learn how an auditor thinks; 2. Understand the causes of web vulnerabilities at the code level; 3. Learn basic defenses against web vulnerabilities

Experiment 2 Code execution vulnerability audit

Knowledge points: 1. Causes of code execution vulnerabilities; 2. Functions involved in code execution vulnerabilities; 3. Defenses against code execution vulnerabilities

Experiment 3 Command injection vulnerability audit

Knowledge points: 1. What is a command injection vulnerability? 2. Which functions are related to command injection vulnerabilities? 3. How to prevent command injection vulnerabilities?

Experiment 4 XSS vulnerability audit

Knowledge points: 1. What is an XSS vulnerability? 2. How are XSS vulnerabilities classified? 3. How to prevent XSS vulnerabilities?

Experiment 5 CSRF vulnerability audit

Knowledge points: 1. What is a CSRF vulnerability? 2. What is the difference between CSRF and XSS? 3. How to prevent CSRF vulnerabilities?

Experiment 6 SQL injection vulnerability audit

Knowledge points: 1. Causes of SQL injection vulnerabilities; 2. Classification of SQL injection vulnerabilities; 3. Defenses against SQL injection vulnerabilities

Experiment 7 File inclusion vulnerability audit

Knowledge points: 1. What is a file inclusion vulnerability? 2. What are the categories of file inclusion vulnerabilities? 3. How to prevent file inclusion vulnerabilities?

Experiment 8 File upload vulnerability audit

Knowledge points: 1. What is a file upload vulnerability? 2. Are there functions related to file upload vulnerabilities? 3. How to prevent file upload vulnerabilities?

Experiment 9 Variable overwrite vulnerability audit

Knowledge points: 1. What is a variable overwrite vulnerability? 2. Which functions are involved in variable overwrite vulnerabilities? 3. How to prevent variable overwrite vulnerabilities?

Experiment 10 Identity authentication vulnerability audit

Knowledge points: 1. What is an identity authentication vulnerability? 2. Cookie and session security; 3. How to prevent identity authentication vulnerabilities?

Experiment 11 Use of code audit tools

Knowledge points: 1. Introduction to code audit tools; 2. Detailed use of RIP

Experiment 12 Code audit course summary

A code audit examines source code for defects and errors, analyzes and finds the security vulnerabilities these problems cause, and provides code revision measures and suggestions. Through code auditing, we can gain a deep understanding of the causes of common web vulnerabilities and how to defend against them.

Course information

Jewel591 has published 3 courses in total

Blog: jewel591.fun, welcome to visit