Web Application Hacking

Did you know that hackers and cybercriminals out there can compromise your web applications and servers with nothing more than a web browser and a few publically available tools?

Web Application Hacking Training Fabio Viggiani runs this 3-days-lab.

Book lab

    We don´t have this training scheduled right now. Let us know that you´re interested in this training using the form below.

This hands-on web hacking training is developed and presented by Fabio Viggiani, leading web application and pen test expert. The training will prepare you with the right mindset to identify potential security holes just by looking at a web application. 

Learn how to identify security holes and hack modern web applications!

You will learn how to identify the vulnerabilities that affect the majority of the web apps today, how to exploit them in order to compromise the web server, and how to expand your influence by compromising the infrastructure behind it and take control of the entire organization.

The training focuses on exercises and challenges based on real-world scenarios. You will start from simple tasks to understand the concepts, and continue with more complex challenges. At the end of the course, you will be able to perform the same attacks that are used to compromise major websites today.

Tailored training or a scheduled course?

We can help you or your team understand your specific skills and development needs. Send us a request, and we’ll guide you, or reserve a spot on our next scheduled course below.

 

Level
300-400

Target audience
Anyone interested in understanding and exploiting web application security flaws. Although the focus is on attacking web applications, this course is particularly valuable for (web) developers: being on the attacker’s side will teach you how different coding choices reflect on the attack surface.

Pre knowledge requirement
Web technologies, basic HTML, basic networking.

Target
– Understand the attacker’s mindset and how simple flaws can lead to the full compromise of an organization.
– Learn how to use hacking tools to attack web applications.
– Get your hands dirty and compromise vulnerable web applications.

Material
Virtual machines containing:
– A vulnerable web application
– Access to the vulnerable code
– Hacking tools to attack the web application

Notes with a description of all addressed topics and solutions to exercises and challenges

Details
DAY 1
– Introduction
– Technologies and tools
– Procedures and methodologies: build the mindset
– Real world hacking demos
– Information gathering: observe the target and make a plan
– SQL injection detection and exploitation
– Other types of injections

DAY 2
– Exploit Cross Site Scripting
– Break access controls
– Have the victim do it for you: Cross Site Request Forgery
– Bypass client-side controls
– Attack authentication and session management
– Exploit back-end components

DAY 3
– Attack application logic
– Target the server
– Put everything together, short review and summary
– Demo: complete takeover of an environment
– Final challenge

Book lab

    We don´t have this training scheduled right now. Let us know that you´re interested in this training using the form below.