پیش نیاز این دوره، CEH  می باشد

• مدیران فناوری اطلاعات
• مدیران امنیت اطلاعات
• کارشناسان امنیت
• کارشناسان واحد پاسخگویی به حوادث
• کارشناسان واحد مرکز عملیات امنیت

Header Security (DEV522.3, DEV522.6, DEV541.1, DEV544.1)

X-XSS-Protection

Secure Flag

Http Only Flag

PHP Header

MVC Header

Server Header

X-Content-Type

Authentication (DEV522.1, DEV541.2, DEV544.2)

Authentication Scenarios

Implementing form authentication

Password Control

CAPTCHA Mechanism

Mitigating brute force attacks

Authentication Protocols (OAuth, OpenId, SAML, FIDO)

Authorization (DEV522.1, DEV541.3, DEV544.3)

Authorization models

URL authorization

File authorization

Role Based Access Control (RBAC)

Discretionary Access Control (DAC)

Mandatory Access Control (MAC)

Permission Based Access Control

Working with identities

Claim based authorization

Role manager

MVC Authorization

Session Management (DEV541.2, DEV544.2)

Session management techniques

Session state options in .NET

Avoiding session hijacking

Cookie based session management

Cookie information leakage

Cookie Attribute

Session Expiration

Session management common vulnerabilities

Input Validation (DEV541.1, DEV544.1)

Data Validation Strategies

Sanitize with Whitelist

Sanitize with Blacklist

Implement Validator

Output Encoding (DEV541.1, DEV544.1)

Preventing HTML injection

Preventing Cross Site Scripting (XSS)

AJAX and Web Services Security (DEV522.4)

Web services overview

Security in parsing of XML

XML security

AJAX technologies overview

AJAX attack trends and common attacks

AJAX defense

Error Handling (DEV541.3, DEV544.3)

Structured exception handling – Try, Catch, Finally

Creating custom error pages

HTTP error codes

Error handling strategies

Auditing & Logging (DEV541.3, DEV544.3)

Event message structure

Logging best practices