Advanced Web Hacking
Overview
NotSoSecure is pleased to launch their much-awaited Advanced Web Hacking course. Much like the Advanced Infrastructure Hacking class, this course covers a wealth of hacking techniques to compromise web applications, APIs and associated end-points. This three-day course will focus on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server-side flaws).
The course allows attendees to practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the course either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Attendees can also benefit from a state-of-the-art Hacklab, and we will be providing 30 days of lab access after the course to allow attendees more practice time. This fast-paced course gives attendees an insight into Advanced Web Hacking: the NotSoSecure team has built a state-of-the-art Hacklab and recreated security vulnerabilities based on real-life pen tests and real bug bounties seen in the wild.
Objectives
Delegates will learn about:
- Authentication bypass
- SAML / OAuth 2.0 / Auth0 / JWT attacks
- Password reset attacks
- Breaking crypto
- Business logic flaws / authorization flaws
- SQL injection
- Remote code execution (RCE)
- Server-side request forgery (SSRF)
- Unrestricted file upload
- Attack chaining
Training Partners
We work with the following best-of-breed training partners, using our bulk buying power to bring you a wider range of dates, locations and prices.
Prerequisites
We recommend that all delegates are familiar with the principles of TCP/IP networking and have a working knowledge of Windows operating systems. It is essential that delegates have good practical ‘hands-on’ experience of the Linux command line and Linux utilities. We recommend our Understanding Linux (Linux Primer) course.
Whoever works with or against the security of modern web applications will enjoy and benefit from this course. This is not a beginner class and attendees are expected to have a good prior understanding of the OWASP Top 10 issues to gain maximum value from the class. Further to this, the course does not cover all AppSec topics and focuses only on advanced identification and exploitation techniques of the vulnerabilities shown on the right.
This course will be suitable for delegates interested in the SANS Institute course SEC542: Web App Penetration Testing and Ethical Hacking.
Pricing
Different pricing structures are available, including special offers. These include early bird, late availability, multi-place, corporate volume and self-funding rates. Please arrange a discussion with a training advisor to discover your most cost-effective option.