整合營銷服務(wù)商
電腦端+手機(jī)端+微信端=數(shù)據(jù)同步管理
免費(fèi)咨詢熱線:
電腦端+手機(jī)端+微信端=數(shù)據(jù)同步管理
免費(fèi)咨詢熱線:
言:
本篇主要來推薦給大家一個好用的web滲透測試靶站。
對于網(wǎng)絡(luò)安全行業(yè)的滲透測試人員,這個工具無疑會大大增加工作效率;
對于非網(wǎng)絡(luò)安全行業(yè)的技術(shù)愛好者來說,也是一個值得收藏的工具。
bWAPP
bWAPP
這個站點(diǎn)覆蓋了100+通用普遍的web漏洞,包括SQL注入攻擊、越權(quán)、XSS攻擊、CSRF、配置安全、敏感數(shù)據(jù)泄漏等等,下面是一個明細(xì)列表:
--------------
A1 - Injection
--------------
HTML Injection - Reflected (GET)
HTML Injection - Reflected (POST)
HTML Injection - Reflected (Current URL)
HTML Injection - Stored (Blog)
iFrame Injection
LDAP Injection (Search)
Mail Header Injection (SMTP)
OS Command Injection
OS Command Injection - Blind
PHP Code Injection
Server-Side Includes (SSI) Injection
SQL Injection (GET/Search)
SQL Injection (GET/Select)
SQL Injection (POST/Search)
SQL Injection (POST/Select)
SQL Injection (AJAX/JSON/jQuery)
SQL Injection (CAPTCHA)
SQL Injection (Login Form/Hero)
SQL Injection (Login Form/User)
SQL Injection (SQLite)
SQL Injection (Drupal)
SQL Injection - Stored (Blog)
SQL Injection - Stored (SQLite)
SQL Injection - Stored (User-Agent)
SQL Injection - Stored (XML)
SQL Injection - Blind - Boolean-Based
SQL Injection - Blind - Time-Based
SQL Injection - Blind (SQLite)
SQL Injection - Blind (Web Services/SOAP)
XML/XPath Injection (Login Form)
XML/XPath Injection (Search)
-----------------------------------------------
A2 - Broken Authentication & Session Management
-----------------------------------------------
Broken Authentication - CAPTCHA Bypassing
Broken Authentication - Forgotten Function
Broken Authentication - Insecure Login Forms
Broken Authentication - Logout Management
Broken Authentication - Password Attacks
Broken Authentication - Weak Passwords
Session Management - Administrative Portals
Session Management - Cookies (HTTPOnly)
Session Management - Cookies (Secure)
Session Management - Session ID in URL
Session Management - Strong Sessions
-------------------------------
A3 - Cross-Site Scripting (XSS)
-------------------------------
Cross-Site Scripting - Reflected (GET)
Cross-Site Scripting - Reflected (POST)
Cross-Site Scripting - Reflected (JSON)
Cross-Site Scripting - Reflected (AJAX/JSON)
Cross-Site Scripting - Reflected (AJAX/XML)
Cross-Site Scripting - Reflected (Back Button)
Cross-Site Scripting - Reflected (Custom Header)
Cross-Site Scripting - Reflected (Eval)
Cross-Site Scripting - Reflected (HREF)
Cross-Site Scripting - Reflected (Login Form)
Cross-Site Scripting - Reflected (phpMyAdmin)
Cross-Site Scripting - Reflected (PHP_SELF)
Cross-Site Scripting - Reflected (Referer)
Cross-Site Scripting - Reflected (User-Agent)
Cross-Site Scripting - Stored (Blog)
Cross-Site Scripting - Stored (Change Secret)
Cross-Site Scripting - Stored (Cookies)
Cross-Site Scripting - Stored (SQLiteManager)
Cross-Site Scripting - Stored (User-Agent)
--------------------------------------
A4 - Insecure Direct Object References
--------------------------------------
Insecure DOR (Change Secret)
Insecure DOR (Reset Secret)
Insecure DOR (Order Tickets)
------------------------------
A5 - Security Misconfiguration
------------------------------
Arbitrary File Access (Samba)
Cross-Domain Policy File (Flash)
Cross-Origin Resource Sharing (AJAX)
Cross-Site Tracing (XST)
Denial-of-Service (Large Chunk Size)
Denial-of-Service (Slow HTTP DoS)
Denial-of-Service (SSL-Exhaustion)
Denial-of-Service (XML Bomb)
Insecure DistCC Configuration
Insecure FTP Configuration
Insecure NTP Configuration
Insecure SNMP Configuration
Insecure VNC Configuration
Insecure WebDAV Configuration
Local Privilege Escalation (sendpage)
Local Privilege Escalation (udev)
Man-in-the-Middle Attack (HTTP)
Man-in-the-Middle Attack (SMTP)
Old/Backup & Unreferenced Files
Robots File (Disclosure)
----------------------------
A6 - Sensitive Data Exposure
----------------------------
Base64 Encoding (Secret)
BEAST/CRIME/BREACH SSL Attacks
Clear Text HTTP (Credentials)
Heartbleed Vulnerability
Host Header Attack (Reset Poisoning)
HTML5 Web Storage (Secret)
POODLE Vulnerability
SSL 2.0 Deprecated Protocol
Text Files (Accounts)
--------------------------------------------
A7 - Missing Functional Level Access Control
--------------------------------------------
Directory Traversal - Directories
Directory Traversal - Files
Host Header Attack (Cache Poisoning)
Host Header Attack (Reset Poisoning)
Local File Inclusion (SQLiteManager)
Remote & Local File Inclusion (RFI/LFI)
Restrict Device Access
Restrict Folder Access
Server Side Request Forgery (SSRF)
XML External Entity Attacks (XXE)
--------------------------------------
A8 - Cross-Site Request Forgery (CSRF)
--------------------------------------
Cross-Site Request Forgery (Change Password)
Cross-Site Request Forgery (Change Secret)
Cross-Site Request Forgery (Transfer Amount)
--------------------------------------
A9 - Using Known Vulnerable Components
--------------------------------------
Buffer Overflow (Local)
Buffer Overflow (Remote)
Drupal SQL Injection (Drupageddon)
Heartbleed Vulnerability
PHP CGI Remote Code Execution
PHP Eval Function
phpMyAdmin BBCode Tag XSS
Shellshock Vulnerability
SQLiteManager Local File Inclusion
SQLiteManager PHP Code Injection
SQLiteManager XSS
--------------------------------------
A10 - Unvalidated Redirects & Forwards
--------------------------------------
Unvalidated Redirects & Forwards (1)
Unvalidated Redirects & Forwards (2)
----------
Other bugs
----------
ClickJacking (Movie Tickets)
Client-Side Validation (Password)
HTTP Parameter Pollution
HTTP Response Splitting
HTTP Verb Tampering
Information Disclosure - Favicon
Information Disclosure - Headers
Information Disclosure - PHP version
Information Disclosure - Robots File
Insecure iFrame (Login Form)
Unrestricted File Upload
------
Extras
------
A.I.M. - No-authentication Mode
Client Access Policy File
Cross-Domain Policy File
Evil 666 Fuzzing Page
Hidden Backdoor File
Manual Intervention Required!
Unprotected Admin Portal
We Steal Secrets... (html)
We Steal Secrets... (plain)
WSDL File (Web Services/SOAP)
安裝與使用:
前置環(huán)境:docker
1. docker pull registry.cn-shanghai.aliyuncs.com/yhskc/bwapp
2. docker run -d -p 0.0.0.0:80:80 registry.cn-shanghai.aliyuncs.com/yhskc/bwapp
# 列出 container id
3. docker container list -a
4. docker start %container-id%初始化環(huán)境:
1. 安裝 : http://localhost/install.php
2. 注冊新用戶
3. 登陸
4. 選擇要測試的漏洞注冊新用戶
登陸
選擇要測試的漏洞
關(guān)于這個環(huán)境的使用,也可以參照上一篇中所寫: 不要再被這樣的流氓郵件給坑了
關(guān)于計算機(jī)專業(yè),有個調(diào)侃就是“修電腦”的,所以首先為了避免不必要的麻煩以及更好地在妹子面前裝B,我建議你去了解一下電腦常見故障的解決辦法以及萬能的“沒什么事是重裝解決不了的,如果有那就再重裝一下”!
玩過的小伙伴都懂吧
基礎(chǔ)課程:
數(shù)字電子技術(shù)、模擬電子技術(shù)、計算機(jī)組成原理、計算機(jī)操作系統(tǒng)、計算機(jī)網(wǎng)絡(luò)、微機(jī)原理與接口技術(shù)、高級語言(C語言)、軟件工程、數(shù)據(jù)結(jié)構(gòu)、高等數(shù)學(xué)、離散數(shù)學(xué)、線性代數(shù)概率論與數(shù)理統(tǒng)計、以及算法設(shè)計與分析等。
拓展課程:前端——HTML5+CSS3、JavaScript+JQuery等;
后端——C++、JAVA、.NET、PHP、Ruby或Python等;
PS:前端跟后端的分類只是說這個語言適合做這件事,而不是說只能做這件事,望周知。
不正經(jīng)一下
最近看到一些關(guān)于IT市場人才飽和的文章,其實(shí)吧,飽和的是碼農(nóng),不是高級程序員,如果你在校期間沒學(xué)好自己專業(yè)的課程的話,很有可能你就是飽和的那一批人,由于是第一次發(fā)文,沒做好充分準(zhǔn)備,想有更深的了解請登錄——http://www.chinabgao.com/k/it.html;中國報告大廳->IT行業(yè)市場分析報告。
嘻嘻~關(guān)注我你就知道了,我會再這里在平時上課的知識總結(jié)在這里我們討論,達(dá)到共同進(jìn)步的效果~感興趣的同學(xué)可以點(diǎn)一下關(guān)注哈~
當(dāng)然,平時遇到什么好玩的代碼也會跟大家分享!
者 | David Goldstein
譯者 | 王強(qiáng)
策劃 | 小智
轉(zhuǎn)發(fā)鏈接:https://mp.weixin.qq.com/s/TK7kWXX4hR3e-jtpVMuBnw
*請認(rèn)真填寫需求信息,我們會在24小時內(nèi)與您取得聯(lián)系。
