Advanced Web Hacking

This is our 5-day Advanced-level web application security testing course.

Much like our popular Advanced Infrastructure Hacking class, this class talks about a wealth of hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.

Note: Attendees will also benefit from a state-of-art Hacklab and we will be providing free 30 days lab access after the class to allow attendees more practice time.

2023 Edition

Fast track available

5 day practical class

Available by Partners

Live, online available

Hack-Lab for 30 days

Advanced

Course Overview

Advanced Web Hacking course talks about a wealth of hacking techniques to compromise web applications, APIs and associated end-points. This course focuses on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). This hands-on course covers neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. In this course vulnerabilities selected are ones that typically go undetected by modern scanners or the exploitation techniques are not so well known.

See what the 'Advanced Infrastructure Course' holds in store.
Interested

Interested?

1. Our courses are available directly from us; through our training partners or at worldwide technical conferences.

2. You can find course dates and prices on the Courses and Webinars page. Click here for course dates, prices and content

3. Take a look below at a few of the upcoming courses for this specific training.

4. For more information including private course requests, complete the short form below.

Courses and webinars

Booking enquiries

Select the course from the Courses and Webinars Page.

Click here for course dates and prices

For private course delivery enquiries or other information, please use the form alongside.

The course is also available from our partners listed below.

QA training

For security and IT decision makers

What’s the real impact of training your team through NotSoSecure?

Harden your perimeter, lower the risk of compromise, and make your organisation a less attractive target for attackers by building a team that can identify, test, and guide developers to secure web-based vulnerabilities. Trained delegates can:

  • Perform security testing to identify and safely exploit complex web vulnerabilities that get missed by scanners and other automated tools – this can help you detect vulnerabilities and recommend patching accordingly.
  • Design this testing around real-world attacker behaviour and tooling, making it relevant to the threats facing your organisation.
  • Customise offensive tooling to generate tailored (rather than “out of the box”) payloads that lead to more advanced testing.
  • Recommend measures to circumvent any conditions that could lead to the emergence of vulnerabilities.
  • Understand the business impact of web vulnerabilities and articulate this to key stakeholders.
  • Take on greater responsibility in the team and become an advocate of security in the wider business.

Course Details

You will be able to:

  • Effectively exfiltrate data using Out of Band Techniques for certain vulnerabilities
  • Pen Test encrypted parameters to find vulnerabilities
  • Learn how to bypass SSO functionalities
  • Find SQL injection vulnerabilities not detected by Automated tools
  • Break weak crypto implementations
  • Learn ways to bypass password reset functionalities

You will receive:

Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.

Our courses also come with detailed answer sheets. That is a step by step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class.

What you can take away from the course:

  • The latest hacks in the world of web hacking. The class content has been carefully handpicked to focus on some neat, new and ridiculous attacks.
  • We provide a custom kali image for this class. The custom kali image has been loaded with a number of plugins and tools (some public and some NotSoPublic) and these aid in quickly identifying and exploiting vulnerabilities discussed during the class.
  • The class is taught by a real Pen Tester and the real-world stories shared during the class help attendees in putting things into perspective.

Details of the course content:

INTRODUCTION

  • Lab Setup And Architecture Overview
  • Introduction To Burp Features

ATTACKING AUTHENTICATION AND SSO

  • Token Hijacking attacks
  • Logical Bypass / Boundary Conditions
  • Bypassing 2 Factor Authentication
  • Authentication Bypass using Subdomain Takeover
  • JWT/JWS Token attacks
  • SAML Authorization Bypass
  • OAuth Issues

PASSWORD RESET ATTACKS

  • Session Poisoning
  • Host Header Validation Bypass
  • Case study of popular password reset fails

BUSINESS LOGIC FLAWS / AUTHORIZATION FLAWS

  • Mass Assignment
  • Invite/Promo Code Bypass
  • Replay Attack
  • API Authorisation Bypass
  • HTTP Parameter Pollution (HPP)

XML EXTERNAL ENTITY (XXE) ATTACK

  • XXE Basics
  • Advanced XXE Exploitation over OOB channels
  • XXE through SAML
  • XXE in File Parsing

BREAKING CRYPTO

  • Known Plaintext Attack (Faulty Password Reset)
  • Padding Oracle Attack
  • Hash length extension attacks
  • Auth bypass using .NET Machine Key
  • Exploiting padding oracles with fixed IVs

REMOTE CODE EXECUTION (RCE)

  • Java Serialisation Attack
    • Binary
    • XML
    • SerialVersionUID Mismatch
  • .Net Serialisation Attack
  • PHP Serialization Attack
  • Python serialization attack
  • Server Side Template Injection
  • Exploiting code injection over OOB channel

SQL INJECTION MASTERCLASS

  • 2nd order injection
  • Out-of-Band exploitation
  • SQLi through crypto
  • OS code exec via powershell
  • Advanced topics in SQli
  • Advanced SQLMap Usage and WAF bypass
  • Pentesting GraphQL
  • Introspection based attacks on GraphQL

TRICKY FILE UPLOAD

  • Malicious File Extensions
  • Circumventing File validation checks
  • Exploiting hardened web servers
  • SQL injection via File Metadata

SERVER SIDE REQUEST FORGERY (SSRF)

  • SSRF to query internal network
  • SSRF to exploit templates and extensions
  • SSRF filter bypass techniques
  • Various Case studies

ATTACKING THE CLOUD

  • SSRF Exploitation
  • Serverless exploitation
  • Google Dorking in the Cloud Era
  • Cognito misconfiguration to data exfiltration
  • Post Exploitation techniques on Cloud-hosted applications
  • Various Case Studies

ATTACKING HARDENED CMS

  • Identifying and attacking various CMS
  • Attacking Hardened WordPress, Joomla and Sharepoint

WEB CACHING ATTACKS

MISCELLANEOUS VULNERABILITIES

  • Unicode Normalization attacks
  • Second order IDOR attack
  • Exploiting misconfigured code control systems
  • HTTP Desync attack

ATTACK CHAINING N TIER VULNERABILITY CHAINING LEADING TO RCE

VARIOUS CASE STUDIES

  • A Collection of weird and wonderful XSS and CSRF attacks

Prerequisites

Who Should Take This Class?

  • Web developers
  • SOC analysts
  • Intermediate level penetration testers
  • DevOps engineers, network engineers
  • Security architects
  • Security enthusiasts
  • Anyone who wants to take their skills to the next level

You will need:

Students must bring their own laptop and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicatedly for the VM.

Users are also encouraged to familiarize themselves with Burp Suite https://portswigger.net/burp/communitydownload to gain maximum out of the class.

It is recommended that you complete one of the following courses before taking this course:

The Art of Hacking

Web hacking training

Advanced Web Hacking

Course Information

You can download a copy of the course information below.

In addition you will also be provided with a student pack, handouts and cheat-sheets if appropriate.

2 days course 4 days course 5 days course

Your Training Roadmap

Offensive Classes

Hacking training for all levels: new to advanced. Ideal for those preparing for certifications such as CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST as well as infrastructure / web application penetration testers wishing to add to their existing skill set.

Defensive Classes

Giving you the skills needed to get ahead and secure your business by design. We specialise in application security (both secure coding and building security testing into your software development lifecycle) and cloud security. Build security capability into your teams enabling you to move fast and stay secure.

Testimonials

Very impressed with the lab environment. Course is packed with Information and exciting challenges. Excellent Content and in-depth presentation. Loved the practice timing and walk-through. The extended lab access is helpful to practice after the class."

Delegate, Black Hat USA

This course was exactly as described. It delivered good, solid information on the current state of infrastructure hacking at the rapid pace promised. This was a great way to get back into this area after years away from it."

Delegate, Black Hat USA

Very excellent course, highly recommend even for those new to Pen Testing! Great work & Effort."

Delegate, Black Hat USA

Compressing 4 days of material is very hard to do. I have to say that this class did it well. My brain hurts, not because the class was bad but because it was very, very good. The instructor was well versed in the subject and the assistance was effective. I really appreciate the "recap" after every section. Top notch. The course was exactly as described."

Delegate, Black Hat USA

It provided me with the latest Information Security research & development."

Delegate, Black Hat USA

Took this course as the 4-day was full, and was prepared for a fast-paced nightmare! On the contrary this course was well planned for the timescales. Happy with the solution."

Delegate, Black Hat USA