CSRF Mastery: Hands-on from Zero to Hero!
Published 4/2024
Created by Martin Voelk
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz, 2 Ch
Genre: eLearning | Language: English | Duration: 15 Lectures ( 1h 38m ) | Size: 834 MB

Become professional in finding and exploiting Cross-site Request Forgery (CSRF). For Ethical Hackers and Bug Hunters.

What you'll learn:
CSRF vulnerabilities
Cross-site request forgery vulnerabilities
Find and exploit Cross-Site Request Forgery (CSRF) vulnerabilities
Penetration testing
Bug bounty hunting
Walkthrough of all Cross-site Request Forgery (CSRF) Apprentice and Practitioner Labs from Portswigger

Requirements:
Basic IT Skills
Basic understanding of web technology
No Linux, programming or hacking knowledge required
Computer with a minimum of 4 GB RAM
Operating System: Windows / Apple Mac OS / Linux
Reliable internet connection
Burp Suite Community (Pro optional)
Firefox Web Browser

Description:
Welcome to the Cross-site Request Forgery (CSRF) Mastery Class – From Zero to Hero! This class combines both theory and practical hands-on lab experience to find and exploit Cross-site Request Forgery (CSRF) vulnerabilities in modern applications (web apps, APIs and mobile).

Important note: This course is NOT teaching the actual usage of Burp Suite and its features. This course is providing a step-by-step walkthrough through the practitioner labs with detailed explanations on how to find and exploit web app vulnerabilities.

Your instructor is Martin Voelk. He is a Cyber Security veteran with 27 years of experience. Martin holds some of the highest certifications incl. CISSP, OSCP, OSWP, Portswigger BSCP, CCIE, PCI ISA and PCIP. He works as a consultant for a big tech company and engages in Bug Bounty programs where he found thousands of critical and high vulnerabilities over the years.

This course features all current apprentice and practitioner PortSwigger Web Security Academy lab walk-throughs in the Cross-site Request Forgery (CSRF) section. In addition, it features a full theory portion which explains the different types of Cross-site Request Forgery (CSRF) vulnerabilities. Martin is solving all these labs and giving useful insight on how to find and exploit these vulnerabilities. He is not just inserting the payload but explains each step on finding the vulnerability and why it can be exploited in a certain way. The videos are easy to follow along and replicate. Martin is also dropping a lot of tips and tricks for real-world Penetration Testing or Bug Bounty Hunting.

This training is highly recommended for anyone who wants to become a professional in Web Application Penetration Testing, Web Application Bug Bounty Hunting and wants to focus on one vulnerability class at a time. It will feature all Apprentice and Practitioner Labs in the Cross-site Request Forgery (CSRF) section.

The theory portion discusses the concepts around:
· Theory
· CSRF tokens and bypasses
· Cookie attributes
· Referrers
· Examples
· Tips
· Finding Cross-site Request Forgery (CSRF) Vulnerabilities

The lab portion will feature:
· Walkthrough of all Cross-site Request Forgery (CSRF) Apprentice and Practitioner Labs from Portswigger
· Additional CSRF Lab

Notes & Disclaimer
Portswigger labs are a public and free service from Portswigger for anyone to use to sharpen their skills. All you need is to sign up for a free account. I will update this course with new labs as they are published. I will respond to questions in a reasonable time frame. Learning Web Application Pen Testing / Bug Bounty Hunting is a lengthy process, so please don't feel frustrated if you don't find a bug right away. Try to use Google, read Hacker One reports and research each feature in-depth. This course is for educational purposes only. This information is not to be used for malicious exploitation and must only be used on targets you have permission to attack.

Who this course is for:
Anybody interested in ethical web application hacking / web application penetration testing
Anybody interested in becoming a web application bug bounty hunter
Anybody interested in learning how hackers hack web applications
Developers looking to expand on their knowledge of vulnerabilities that may impact them
Anyone interested in application security
Anyone interested in Red teaming
Anyone interested in offensive security
