This hands-on web hacking training is developed and presented by Fabio Viggiani, a leading web application and pen test expert. The training will prepare you with the right mindset to identify potential security holes just by looking at a web application.
Learn how to identify security holes and hack modern web applications!
You will learn how to identify the vulnerabilities that affect the majority of web apps today, how to exploit them in order to compromise the web server, and how to expand your influence by compromising the infrastructure behind it and taking control of the entire organization.
The training focuses on exercises and challenges based on real-world scenarios. You will start with simple tasks to understand the concepts and continue with more complex challenges. At the end of the course, you will be able to perform the same attacks that are used to compromise major websites today.
Tailored Training or a Scheduled Course?
We can help you or your team understand your specific skills and development needs. Send us a request, and we’ll guide you, or reserve a spot on our next scheduled course below.
Level
300-400
Target Audience
Anyone interested in understanding and exploiting web application security flaws. Although the focus is on attacking web applications, this course is particularly valuable for (web) developers: being on the attacker’s side will teach you how different coding choices affect the attack surface.
Prerequisite Knowledge
Web technologies, basic HTML, basic networking.
Target
– Understand the attacker’s mindset and how simple flaws can lead to the full compromise of an organization.
– Learn how to use hacking tools to attack web applications.
– Get your hands dirty and compromise vulnerable web applications.
Materials
Virtual machines containing:
– A vulnerable web application
– Access to the vulnerable code
– Hacking tools to attack the web application
Notes with a description of all addressed topics and solutions to exercises and challenges
Details
DAY 1
– Introduction
– Technologies and tools
– Procedures and methodologies: build the mindset
– Real-world hacking demos
– Information gathering: observe the target and make a plan
– SQL injection detection and exploitation
– Other types of injections
DAY 2
– Exploit Cross-Site Scripting
– Break access controls
– Have the victim do it for you: Cross-Site Request Forgery
– Bypass client-side controls
– Attack authentication and session management
– Exploit back-end components
DAY 3
– Attack application logic
– Target the server
– Put everything together, short review and summary
– Demo: complete takeover of an environment
– Final challenge