Web Hacking

2 Day

Introduction into Web Application hacking
Practical in focus, teaching how web application security flaws are discovered
Covers leading industry standards and approaches
Builds the foundation to progress your knowledge and move into more advanced Web Application topics

Overview Prerequisites Details PDF HOW TO BOOK

Class Overview

This is an entry-level web Application Security-testing class and is a recommended pre-requisite for our Advanced Web Hacking class. This class familiarises the attendees with the basics of Web and Application hacking. A number of tools and techniques will be taught during the 2 day class. If you would like to step into the world of ethical hacking / pen testing with a focus on web applications, then this is the right class for you.

Class Details

This class familiarises the attendees with a wealth of tools and techniques needed to breach the security of web applications. The class starts from the very basic, and gradually builds up to a level where attendees can not only use the tools and techniques to hack various components involved in Web Application hacking, but also walk away with a solid understanding of the concepts on which these tools are based. The class also covers the industry standards such as OWASP Top 10, PCI DSS and contains numerous real life examples to help the attendees understand the true impact of these vulnerabilities.

Day 1

Information Gathering, Profiling and Cross-Site Scripting

  • Understanding HTTP Protocol
  • Identifying the Attack Surface
  • Username Enumeration
  • Information Disclosure
  • Issues with SSL/TLS
  • Cross-Site Scripting
  • Cross-Site Request Forgery

Day 2

Injection, Flaws, Files and Hacks

  • SQL Injection
  • XXE Attacks
  • OS Code Injection
  • Local/Remote File Include
  • Cryptographic Weakness
  • Business Logic Flaws
  • Insecure File Uploads

Prerequisites

Who Should Take This Class?

System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Student Requirements

Students should bring their own laptop with Windows Operating System installed (either natively or running in a VM). Further, students must have administrative access to perform tasks such as installing software, disabling antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) are not supported. 

Also, note that we will use an Ethernet/wired network for this class. If your laptop does not support this, please carry the correct adaptor to ensure you are able to connect to the wired network.

Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers – Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set.


Download the NotSoSecure Hacking Classes Brochure

The Art of Hacking

The Art of Hacking

=

Infrastructure Hacking

+

Web Hacking

Other Specialist Classes

Advanced Infrastructure Hacking

AppSec for Developers

Practical Internet Of Things (IoT) Hacking

Book Your Training

Working exclusively with 3 training delivery partners, NotSoSecure Hacking Training is available around the world.


UNITED KINGDOM

REST OF THE WORLD

IEEE MEMBER