
Advanced Web Attacks and Exploitation (AWAE) Live

The days of porous network perimeters are fading fast as externally facing services become more resilient and harder to exploit. In order to gain that critical initial foothold in a network, penetration testers must be fluent in the art of exploiting front-facing web applications.

Offensive Security's Advanced Web Attacks and Exploitation (AWAE) course was created by taking widely deployed web applications found in many enterprises and actively exploiting them. This intensive, hands-on course takes your skills well beyond standard SQL injection or file inclusion attacks and will propel you into a world of mind-bending blind SQL injection, illogical authentication bypasses, heavy deserialization, and pass-the-hash web authentication weaknesses, all chained to gain remote code execution unassisted. And that's just scratching the surface.

Topics covered include:
  • Performing advanced web app source code auditing
  • Analyzing code, writing scripts, and exploiting web vulnerabilities
  • Implementing multi-step, chained attacks using multiple vulnerabilities
  • Using creative and lateral thinking to determine innovative ways of exploiting web vulnerabilities
  • ...and more
Session FAQ

Advanced Web Attacks and Exploitation is NOT an entry-level course. The pace of learning is fast and furious, and students are expected to have, at a minimum, a solid understanding of and experience with performing basic web application attacks. This class is perfect for experienced network penetration testers who are looking to take their web application penetration testing skills to the next level, as well as web application developers who need to understand how their code is attacked.

Advanced Web Attacks and Exploitation expects students to have the following before starting the course:

  • Comfort reading and writing at least one coding language (Java, .NET, JavaScript, Python, etc)
  • Familiarity with Linux: file permissions, navigation, editing, and running scripts
  • Ability to write simple Python / Perl / PHP / Bash scripts
  • Experience with web proxies, such as Burp Suite and similar tools
  • General understanding of web app attack vectors, theory, and practice

Students are required to bring their own laptops with:

  • 64-bit host operating system
  • 8 GB RAM minimum
  • Administrative access to the host operating system
  • VMware Workstation / Fusion
  • 60 GB HD free minimum
  • Wired network support
  • USB 2.0 support or better

Students will be provided with virtual machines for use in class and the Advanced Web Attacks and Exploitation Lab Guide. An in-class "Hint System" will provide electronic distribution of all scripts, POCs, etc. ***PLEASE NOTE*** @Hack does not include the online course materials, exam, or lab.

Subject matter experts from Offensive Security