Web attack and defense

A unique professional in terms of qualifications and experience, a leading teacher in the field of Computer Network Security.

Expert teacher of Oracle and Java courses. Oracle Certified Specialist, Candidate of Technical Sciences. He is distinguished by his diverse experience in practical and teaching activities.
In 2003, Alexey Anatolyevich graduated with honors from MIREA. In 2006, he defended his PhD thesis on the topic of building secure automated information systems.
A major specialist in the field of database security, building secure java and web applications for Oracle DBMS and SQL Server, developing stored program modules in PL/SQL and T-SQL. Automated the activities of large state-owned enterprises. Provides consulting and advisory services in the development of complex distributed web applications based on the Java EE platform.
Alexey Anatolyevich’s teaching experience in the postgraduate education system exceeds 7 years. Worked with corporate clients, trained employees of the companies “BANK PSB”, “Internet University of Information Technologies (INTUIT)”, “SINTERRA”.
Author of several educational and methodological manuals on programming and working with databases. From 2003 to 2005, Alexey Anatolyevich was engaged in the adaptation and technical translation of foreign literature on web programming and working with databases. Published over 20 scientific papers.
Grateful graduates invariably note the accessible manner of presentation of even the most complex topics, detailed answers to questions from students, and the abundance of living examples from the teacher’s professional practice.

Module 1. Website concepts (2 ac. h.)

-Principles of operation of web servers and web applications
-Principles of website and web application security
-What is OWASP
-OWASP Top 10 classification overview
-Introduction to tools for performing attacks
-Lab setup

Module 2. Injections (4 ac. h.)

-What are injections and why are they possible?
-HTML injection
-What is iFrame
-iFrame injection
-What is LDAP
-LDAP injection
-What are mail headers
-Injections in mail headers
-Operating system command injection
-PHP code injection
-What are server side inclusions (SSI)
-SSI injections
-Structured Query Language (SQL) concepts
-SQL injection
-What is AJAX/JSON/jQuery
-SQL injection in AJAX/JSON/jQuery
-What is CAPTCHA
-SQL injection bypassing CAPTCHA
-SQLite injection
-Example of SQL injection in Drupal
-What are stored SQL injections
-Stored SQL injections
-Stored SQLite injections
-XML Concepts
-Stored SQL injection into XML
-Using User-Agent
-SQL injection into the User-Agent field
-Blind SQL injections on a logical basis
-Blind SQL injections on a temporary basis
-Blind SQLite injections
-What is Object Access Protocol (SOAP)
-Blind SQL Injection in SOAP
-XML/XPath injection

Module 3. Hacking authentication and session (2 ac. h.)

-Bypass CAPTCHA
-Attack on password recovery functionality
-Attack on login forms
-Attack on output control
-Attacks on passwords
-Use of weak passwords
-Using a universal password
-Attacks on administrative portals
-Attacks on Cookies
-Attacks on passing the session ID in the URL
-Session fixation

Module 4. Leakage of important data (2 ac. h.)

-Using Base64 encoding
-Open transmission of credentials via HTTP
-Attacks on SSL BEAST/CRIME/BREACH
-Attack on Heartbleed vulnerability
-POODLE vulnerability
-Storing data in HTML5 web storage
-Using outdated versions of SSL
-Storing data in text files

Module 5. External XML objects (2 ac. h.)

-Attack on external XML objects
-XXE attack when resetting password
-Attack on vulnerability in login form
-Attack on vulnerability in search form
-Denial of service attack

Module 6. Violation of access control (2 ac. h.)

-An example of an attack on an insecure direct link when changing a user's password
-An example of an attack on an insecure direct link when resetting a user's password
-An example of an attack on an insecure direct link when ordering tickets in an online store
-Directory Traversal in Directories
-Directory traversal in files
-Attack on the Host header leading to cache poisoning
-Attack on Host header leading to password reset
-Including local file in SQLiteManager
-Enable local or remote file (RFI/LFI)
-Device restriction attack
-Directory access restriction attack
-SSRF attack
-Attack on XXE

Module 7. Insecure configuration (2 ac. h.)

-Principles of configuration attacks
-Random access to files in Samba
- Flash Cross-Domain Policy File
-Shared resources in AJAX
-Cross-Site Tracing (XST)
-Denial of Service (Large Chunk Size)
-Denial of Service (Slow HTTP DoS)
-Denial of Service (SSL Exhaustion)
-Denial of Service (XML Bomb)
-Insecure DistCC configuration
-Insecure FTP configuration
-Insecure NTP configuration
-Insecure SNMP configuration
-Insecure VNC configuration
-Insecure WebDAV configuration
-Local privilege escalation
-Man in the Middle Attack in HTTP
-Man in the Middle Attack in SMTP
-Insecure storage of archived files
-Robots file

Module 8. Cross-site scripting (XSS) (3 ac. h.)

-Reflected XSS in GET requests
-Reflected XSS in POST requests
-Reflected XSS to JSON
-Reflected XSS in AJAX
Reflected XSS in XML
-Reflected XSS in the return button
-Reflected XSS in the Eval function
-Reflected XSS in HREF attribute
-Reflected XSS in login form
-Example of reflected XSS in phpMyAdmin
-Reflected XSS in PHP_SELF variable
-Reflected XSS in the Referer header
-Reflected XSS in User-Agent header
-Reflected XSS in custom headers
-Stored XSS in blog posts
-Stored XSS when changing user data
-Stored XSS in Cookies
-Stored XSS in SQLiteManager
-Stored XSS in HTTP headers

Module 9. Unsafe deserialization (2 ac. h.)

-Demonstration of PHP object injection
-Backdoor injection during deserialization
-Unsafe deserialization in JavaScript

Module 10. Using components with known vulnerabilities (2 ac. h.)

-Local buffer overflow attacks
-Remote buffer overflow attacks
-SQL injection in Drupal (Drupageddon)
-Heartbleed vulnerability
-Remote code execution in PHP CGI
-Attack on PHP Eval function
-Vulnerability in phpMyAdmin BBCode Tag XSS
-Shellshock vulnerability
-Connecting a local file in SQLiteManager
-Injection of PHP code into SQLiteManager
-XSS in SQLiteManager

Module 11. Lack of logging and monitoring (1 ac. h.)

-Example of insufficient logging
-Example of logging vulnerability
-An example of insufficient monitoring