Training

Web Application Hacking

This hands-on web hacking training is developed and presented by Fabio Viggiani, a leading web application and pen test expert. The training will prepare you with the right mindset to identify potential security holes just by looking at a web application.

Learn how to identify security holes and hack modern web applications!

You will learn how to identify the vulnerabilities that affect the majority of web apps today, how to exploit them in order to compromise the web server, and how to expand your influence by compromising the infrastructure behind it and taking control of the entire organization.

The training focuses on exercises and challenges based on real-world scenarios. You will start with simple tasks to understand the concepts and continue with more complex challenges. At the end of the course, you will be able to perform the same attacks that are used to compromise major websites today.

Tailored Training or a Scheduled Course?

We can help you or your team understand your specific skills and development needs. Send us a request, and we’ll guide you, or reserve a spot on our next scheduled course below.

Level
300-400

Target Audience
Anyone interested in understanding and exploiting web application security flaws. Although the focus is on attacking web applications, this course is particularly valuable for (web) developers: being on the attacker’s side will teach you how different coding choices reflect on the attack surface.

Prerequisite Knowledge
Web technologies, basic HTML, basic networking.

Target
– Understand the attacker’s mindset and how simple flaws can lead to the full compromise of an organization.
– Learn how to use hacking tools to attack web applications.
– Get your hands dirty and compromise vulnerable web applications.

Materials
Virtual machines containing:
– A vulnerable web application
– Access to the vulnerable code
– Hacking tools to attack the web application

Notes with a description of all addressed topics and solutions to exercises and challenges

Details
DAY 1
– Introduction
– Technologies and tools
– Procedures and methodologies: build the mindset
– Real-world hacking demos
– Information gathering: observe the target and make a plan
– SQL injection detection and exploitation
– Other types of injections

DAY 2
– Exploit Cross-Site Scripting
– Break access controls
– Have the victim do it for you: Cross-Site Request Forgery
– Bypass client-side controls
– Attack authentication and session management
– Exploit back-end components

DAY 3
– Attack application logic
– Target the server
– Put everything together, short review and summary
– Demo: complete takeover of an environment
– Final challenge
