Everest College: the first and best-equipped specialized computer, networking and programming training center in Karaj, with more than 13000 graduates (founded 1388)
Given the importance and ever-growing use of web applications, vulnerabilities in web applications and intrusions into them have increased. In the AWAPT course, participants become familiar with common threats at two levels, introductory and advanced, and learn how intrusions are carried out using vulnerabilities. After completing the AWAPT course, participants can perform penetration tests according to the OWASP standard.
Web application penetration testing specialist
Network security specialist
The prerequisites for this course are familiarity with programming languages (completing the Programming Languages Basics course) and the CEH or PWK course.
The Attacker’s View of the Web
Overview of the Web from a Penetration Tester’s Perspective; Exploring the Various Servers and Clients; Discussion of the Various Web Architectures; Discover How Session State Works; Discussion of the Different Types of Vulnerabilities; Define a Web Application Test Scope and Process
Reconnaissance and Mapping
Discover the Infrastructure Within the Application; Identify the Machines and Operating Systems; Learn Methods to Identify Load Balancers; Software Configuration Discovery; Google Hacking; Learn Tools to Spider a Website; Scripting to Automate Web Requests and Spidering; Application Flow Charting; Relationship Analysis Within an Application; JavaScript for the Attacker
Server-Side Discovery
Learn Methods to Discover Various Vulnerabilities; Explore Differences Between Different Data Back-ends; Explore Fuzzing and Various Fuzzing Tools; Discuss the Different Interfaces Websites Contain; Understand Methods for Attacking Web Services
Client-Side Discovery
Learn Methods to Discover Various Vulnerabilities; Learn Methods to Decompile Client-side Code; Explore Malicious Applets and Objects; Understand Methods for Attacking Web Services; Understand Methods for Testing Web 2.0 and AJAX-based Sites; Learn How AJAX and Web Services Change Penetration Tests; Learn the Attacker’s Perspective on Python and PHP
Advanced Discovery and Exploitation for Web Applications
Review of the Testing Methodology; Using Burp Suite in a Web Penetration Test; Examining How to Use Burp Intruder to Effectively Fuzz Requests; Exploring Advanced Discovery Techniques for SQL Injection and Other Server-Based Flaws; XSS; CSRF; LFI; RFI; Learning Advanced Exploitation Techniques
Mobile Applications and Web Services
Attacking CBC Chosen Plaintext; Exploiting CBC with Padding Oracles; Understanding the Mobile Platforms and Architectures; Intercepting Traffic to Web Services and from Mobile Applications; Building a Test Environment; Penetration Testing of Web Services
Web Application Firewall and Filter Bypass
Understanding of Web Application Firewalling and Filtering Techniques; Exploring How to Determine the Rule Sets Protecting the Application; Learning How HTML5 Injections Work; Discovering the Use of Unicode and Other Encodings