从事安全测试工作以来,Burpsuite成为了我必不可少的工具。在HTTP协议相关的安全测试中,它强大的功能帮助我挖掘了许多漏洞。我相信开发这个优秀工具的公司推出的学习认证课程,肯定是贴近实际工作,具有提高技术能力的效果的。也因此,我决定花费近三个月的时间,深入理解各种安全问题的黑盒测试技巧,并获得该认证。根据我的经验,取得该从业认证意味着具备中级或更高水平的安全测试能力,并且掌握全面的测试方法论。因此,这是一次非常有价值的学习经历。
需要准备如下:
- portswigger账号
- Burpsuite工具
- 科学上网
- $99
参考:
- https://portswigger.net/web-security/certification
- https://portswigger.net/web-security/certification/how-to-prepare
完成下面列表中的所有实验,依次完成每个实验。完成实验没有固定的时间框架,但您必须能够在不需要访问所提供的解决方案的情况下完成。 如果您无法完成所选的实验,请返回学习材料并仔细阅读内容,完成该主题中的所有实验,以确保您熟悉漏洞类别及其涵盖的利用技术。
- Web shell upload via extension blacklist bypass
- OAuth account hijacking via redirect_uri
- SSRF via flawed request parsing
- SQL injection attack, querying the database type and version on MySQL and Microsoft
- Exploiting cross-site scripting to capture passwords
- CSRF where token validation depends on request method
- Blind XXE with out-of-band interaction via XML parameter entities
- Multistep clickjacking
- SSRF with filter bypass via open redirection vulnerability
- CORS vulnerability with trusted insecure protocols
- Exploiting HTTP request smuggling to deliver reflected XSS
- Server-side template injection in an unknown language with a documented exploit
- Using application functionality to exploit insecure deserialization
- File path traversal, traversal sequences stripped non-recursively
- Multi-step process with no access control on one step
- Broken brute-force protection, IP block
- Insufficient workflow validation
- Manipulating the WebSocket handshake to exploit vulnerabilities
- DOM XSS using web messages and a JavaScript URL
- Web cache poisoning with multiple headers
- Information disclosure in version control history
- Blind OS command injection with output redirection
- Discovering vulnerabilities quickly with targeted scanning
之所以选择这些实验室,是因为它们加强了核心网络安全测试技能——例如理解编码并使用它们来规避防御,以及熟练利用跨用户攻击。这些特定的实验室在技能发展方面支持您的考试准备,但它们绝不是您需要解决以完成考试的组成部分的列表。
- Exploiting cross-site scripting to steal cookies
- Blind SQL injection with out-of-band data exfiltration
- Forced OAuth profile linking
- Brute-forcing a stay-logged-in cookie
- Exploiting HTTP request smuggling to capture other users' requests
- SSRF with blacklist-based input filter
- SQL injection with filter bypass via XML encoding
- Discovering vulnerabilities quickly with targeted scanning