Basic Web Hacking

This is a 2-day entry-level web application security testing course.

This is an entry-level web application security testing course and also a recommended pre-requisite course before enrolling for our “Advanced Web Hacking” course. This foundation course of “Web Hacking” familiarises the attendees with the basics of web application and web application security concerns. A number of tools and techniques, backed up by a systematic approach on the various phases of hacking will be discussed during this 2-day course. If you would like to step into a career of Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you.

Get certified:

Once you have completed the course, you can take an optional exam with Check Point whenever it suits you, and become a Web Hacking Check Point Certified Pen Testing Expert (CCPE).

2023 Edition

2 day practical class

Available by Partners

Live, online available

Basic

Course Overview

As a foundation course in “Web Hacking” you will become familiarised with the basics of web applications and their security concerns. A number of tools and techniques, backed up by a systematic approach on the various phases of web hacking are discussed during your 2 days.

See what our training roadmap covers.
Interested

Interested?

1. Our courses are available directly from us; through our training partners or at worldwide technical conferences.

2. You can find course dates and prices on the Courses and Webinars page. Click here for course dates, prices and content

3. Take a look below at a few of the upcoming courses for this specific training.

4. For more information including private course requests, complete the short form below.

Courses and webinars

Booking enquiries

Select the course from the Courses and Webinars Page.

Click here for course dates and prices

For private course delivery enquiries or other information, please use the form alongside.

The course is also available from our partners listed below.

QA training

If booked through Check Point, Cyber-Security Leraning Credits are accepted for this course.

Check Point training

For security and IT decision makers

What’s the real impact of training your team through NotSoSecure?

Start to build the skills within your team to harden your perimeter, lower the risk of compromise, and make your organisation a less attractive target for attackers. Trained delegates can:

  • Confidently articulate the intricacies of the HTTP protocol and how it can be manipulated to achieve a malicious goal.
  • Understand how to use industry-standard tools, such as Burpsuite, to perform manual penetration testing against web applications.
  • Find and exploit vulnerabilities in web applications, including those that would lead to injection attacks, authorisation and bypass authentication, malicious file uploads, and more.
  • Identify the infrastructure and frameworks underlying a web attack surface.
  • Understand complications related to cryptography and the effect on web applications.
  • Understand how to tie security testing and other offensive and defensive measures back to authentic attack vectors.

Course Details

You will be able to:

  • Gain an introduction into web application hacking
  • Understand how web application security flaws are discovered
  • Work with the leading industry standards and approaches
  • Build a foundation to progress your knowledge and move into more advanced Web Application topics

You will receive:

Access to part of our Hack-Lab, our online course environment. This gives you plenty of time to practice the concepts taught during the course. There are challenges, examples and demos to get to grips with, and all the support you need.

What you can take away from the course:

This course familiarises you with a wealth of tools and techniques required to breach and compromise the security of web applications. The course starts by discussing the very basics of web application concepts, and gradually builds up to a level where you can not only use the tools and techniques to hack various components involved in a web application, but also walk away with a solid understanding of the concepts on which these tools are based. The course will also talk about industry standards such as OWASP Top 10 and PCI DSS which form a critical part of web application security. Numerous real life examples will be discussed during the course to help you understand the true impact of these vulnerabilities.

Details of the course content:

UNDERSTANDING THE HTTP PROTOCOL

  • HTTP Protocol Basics
  • Introduction to proxy tools

INFORMATION GATHERING

  • Enumeration Techniques
  • Understanding Web Attack surface

USERNAME ENUMERATION & FAULTY PASSWORD RESET

  • Attacking Authentication and Faulty Password mechanisms

AUTHORIZATION BYPASS

  • Logical Bypass techniques
  • Session related issues

CROSS SITE SCRIPTING (XSS)

  • Various types of XSS
  • Session Hijacking & other attacks

ISSUES WITH SSL / TLS

  • SSL/TLS misconfiguration

CROSS SITE REQUEST FORGERY (CSRF)

  • Understanding CSRF attack
  • Various impacts of SSRF attack

SQL INJECTION

  • SQL Injection types
  • Manual Exploitation

XML EXTERNAL ENTITY (XXE) ATTACKS

  • XXE Basics
  • XXE exploitation

INSECURE FILE UPLOADS

  • Attacking File upload functionality

DESERIALIZATION VULNERABILITIES

  • Serialization Basics
  • PHP Deserialization Attack

INSECURE FILE UPLOADS

  • Attacking File upload functionality

COMPONENTS WITH KNOWN VULNERABILITIES

  • Understanding risks known vulnerabilities
  • Known vulnerabilities leading to critical exploits

INSUFFICIENT LOGGING AND MONITORING

  • Understanding importance of logging and monitoring
  • Common pitfalls in logging and monitoring

MISCELLANEOUS

  • Understanding formula Injection attack
  • Understanding Open Redirection attack

Prerequisites

Who Should Take This Class?

  • Security enthusiasts
  • Anybody who wishes to make a career in this domain and gain some knowledge of networks and applications
  • Web Developers
  • System Administrators
  • SOC Analysts
  • Network Engineers
  • Pen Testers who are wanting to level up their skills

You will need:

Delegates should bring their laptop with windows operating system installed (either natively or running in a VM). Further, Delegates must have administrative access to perform tasks such as installing software, disabling antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) will not be supported during the course.

Basic Web Hacking

Course Information

You can download a copy of the course information below.

In addition you will also be provided with a student pack, handouts and cheat-sheets if appropriate.

Download the course information

Your Training Roadmap

Offensive Classes

Hacking training for all levels: new to advanced. Ideal for those preparing for certifications such as CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST as well as infrastructure / web application penetration testers wishing to add to their existing skill set.

Defensive Classes

Giving you the skills needed to get ahead and secure your business by design. We specialise in application security (both secure coding and building security testing into your software development lifecycle) and cloud security. Build security capability into your teams enabling you to move fast and stay secure.

Testimonials

The theory and methodology was explained very well by the trainer. I thought he was really good at answering questions and adjusting his explanations so that everyone grasps the concepts. I came away from the course understanding everything covered on the syllabus, which is testament of his ability to break down complex concepts into a way that was easy to understand."

Delegate, Basic Web Hacking

It was a wonderful course. Instructor was very good and I hope to join another course with Notsosecure."

Delegate, Basic Web Hacking

Very organized and clearly presented. Great having hands-on experience with individuals ready to assist when help is needed."

Delegate, Black Hat USA

One of the best classes I have taken in a long time. The contest was on point and kept me engaged. I am new to Cyber Security after 25 years in App Development and am very pleased with what I have learned."

Delegate, Black Hat USA

Really enjoyed the lab and the walkthroughs, it helped expedite the learning process."

Delegate, Black Hat USA