.
Select Search Category
Web Hacking
Black Belt Edition
NotSoSecure

Much like our popular Advanced Infrastructure Hacking class, this class talks about a wealth of ethical hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This Web hacking class focuses on specific areas of appsec and on advanced security vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to practice some neat, new and ridiculous website hacking techniques which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.

Note: Attendees will also benefit from a state-of-art Hacklab and we will be providing free 30 days lab access after the class to allow attendees more practice time.

The course outline
1
Day
  • Lab Setup and architecture overview
  • Introduction to Burp Features
  • Attacking Authentication and SSO
  • Password Reset Attacks
  • Business Logic Flaws / Authorization flaws
2
Day
  • XML External Entity (XXE) Attack
  • Breaking Crypto
  • Remote Code Execution (RCE)
3
Day
  • SQL Injection Masterclass
  • Tricky File Upload
  • Server-Side Request Forgery (SSRF)
4
Day
  • Attacking the Cloud
  • Miscellaneous Vulnerabilities
  • Attacking Hardened CMS
  • Web Caching Attacks
  • Attack Chaining N tier vulnerability Chaining leading to RCE
  • Various Case Studies
  • B33r-101
Session FAQ
  • Web developers
  • SOC analysts
  • Intermediate level penetration testers
  • DevOps engineers, network engineers
  • Security architects
  • Security enthusiasts
  • Anyone who wants to take their skills to the next level

Students must bring their own laptop and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicatedly for the VM.

Users are also encouraged to familiarize themselves with Burp Suite to gain maximum out of the class.

Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.

Our courses also come with detailed answer sheets. That is a step by step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class.

Dhruv Shah