Web Hacking

2020 Edition
2 Day Practical Class

 

This is an entry-level web application security testing course and a recommended prerequisite for our “Advanced Web Hacking” course. This foundation course familiarises attendees with the basics of web applications and web application security concerns. A number of tools and techniques, backed by a systematic approach to the various phases of hacking, will be discussed during this 2-day course. If you would like to step into a career in Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you.

"Really enjoyed the lab and the walkthroughs, it helped expedite the learning process." - Delegate, Black Hat USA 2016

"Very organized and clearly presented. Great having hands-on experience with individuals ready to assist when help is needed." - Delegate, Black Hat USA 2016

"One of the best classes I have taken in a long time. The contest was on point and kept me engaged. I am new to Cyber Security after 25 years in App Development and am very pleased with what I have learned." - Delegate, Black Hat USA 2016

Class Overview

This course familiarises attendees with a wealth of tools and techniques required to breach and compromise the security of web applications. The course starts with the very basics of web application concepts and gradually builds up to a level where attendees can not only use the tools and techniques to hack the various components of a web application, but also walk away with a solid understanding of the concepts on which these tools are based. The course also covers industry standards such as OWASP Top 10 and PCI DSS, which form a critical part of web application security. Numerous real-life examples will be discussed during the course to help attendees understand the true impact of these vulnerabilities.

Class Details

This class familiarises attendees with a wealth of tools and techniques needed to breach the security of web applications. The class starts from the very basics and gradually builds up to a level where attendees can not only use the tools and techniques to hack the various components involved in web application hacking, but also walk away with a solid understanding of the concepts on which these tools are based. The class also covers industry standards such as OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help attendees understand the true impact of these vulnerabilities.

Understanding the HTTP Protocol

  • HTTP Protocol Basics
  • Introduction to proxy tools

Information Gathering

  • Enumeration Techniques
  • Understanding Web Attack surface

Username Enumeration & Faulty Password Reset

Attacking Authentication and Faulty Password mechanisms

Issues With SSL/TLS

SSL/TLS misconfiguration

Authorization Bypass

  • Logical Bypass techniques
  • Session related issues

Cross Site Scripting (XSS)

  • Various types of XSS
  • Session Hijacking & other attacks

Cross Site Request Forgery (CSRF)

Understanding CSRF attack

SQL Injection

  • SQL Injection types
  • Manual Exploitation

XML External Entity (XXE) Attacks

  • XXE Basics
  • XXE exploitation

Insecure File Uploads

Attacking File upload functionality

Deserialization Vulnerabilities

  • Serialization Basics
  • PHP Deserialization Attack

Prerequisites

Who Should Take This Class?

  • Security enthusiasts
  • Anybody who wishes to make a career in this domain and gain some knowledge of networks and applications
  • Web Developers
  • System Administrators
  • SOC Analysts
  • Network Engineers
  • Pen Testers who want to level up their skills

Student Requirements

Delegates should bring their laptop with the Windows operating system installed (either natively or running in a VM). Further, delegates must have administrative access to perform tasks such as installing software, disabling antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) will not be supported during the course.


    Hacking Training Classes

    Lab-Based Training - Written by BlackHat Trainers - Available Globally

    NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.

    Training Events

    The Art of Hacking: Introduction to Web Applications
    1st December 2020
    Webinar - Global
    Free registration

    Web Hacking – Black Belt Edition (Black Hat EU)
    7th – 8th December 2020
    Live Online Training

    Web Hacking
    15th February 2021
    Live Online Training

    Web Hacking
    17th February 2021
    Live Online Training
