Web Hacking Black Belt Edition

Who Should Attend

• Web developers
• Intermediate level penetration testers
• DevOps engineers, network engineers
• Security researchers / analysts
• Security architects
• Security professionals & enthusiasts
• Anyone who wants to take their skills to the next level

Prerequisites

• Intermediate knowledge of web application security
• Familiarity with common web vulnerabilities
• Experience with penetration testing tools like Burp Suite
• Understanding of HTTP protocol and web technologies

What You Will Learn

• Advanced authentication and SSO attacks including token hijacking and OAuth exploitation
• Password reset attack techniques and bypasses
• Business logic flaws and authorization bypass methods
• XML External Entity (XXE) attacks including advanced OOB exploitation
• Breaking cryptographic implementations
• Remote Code Execution through serialization attacks
• Advanced SQL injection techniques and WAF bypass
• Server-Side Request Forgery (SSRF) exploitation
• Cloud-specific attack techniques
• Web caching attacks and miscellaneous vulnerabilities

Course Outline

Labs & Practical Exercises

The class is taught by a real pen tester and the real-world stories shared during the class help attendees in putting things into perspective. Access to a hacking lab during the course and numerous scripts and tools will also be provided during the training, along with student handouts. Our courses also come with detailed answer sheets - a step by step walkthrough of how every exercise within the class needs to be solved. A custom Kali image loaded with plugins and tools (some public and some NotSoPublic) is provided to aid in quickly identifying and exploiting vulnerabilities.

Certification & Assessment

Certificate of Completion. The syllabus is revised regularly to reflect the latest in-the-wild hacks and bug-bounty discoveries.