Web Hacking

2 Day Practical Class
  • Introduction into Web Application hacking
  • Practical in focus, teaching how web application security flaws are discovered
  • Covers leading industry standards and approaches
  • Builds the foundation to progress your knowledge and move into more advanced Web Application topics
Really enjoyed the lab and the walkthroughs, it helped expedite the learning process.Delegate, Black Hat USA 2016
Very organized and clearly presented. Great having hands-on experience with individuals ready to assist when help is neededDelegate, Black Hat USA 2016
One of the best classes I have taken in a long time. The contest was on point and kept me engaged. I am new to Cyber Security after 25 years in App Development and am very pleased with what I have learnedDelegate, Black Hat USA 2016

Class Overview

This is an entry-level web Application Security-testing class and is a recommended pre-requisite for our Advanced Web Hacking class. This class familiarises the attendees with the basics of Web and Application hacking. A number of tools and techniques will be taught during the 2 day class. If you would like to step into the world of ethical hacking / pen testing with a focus on web applications, then this is the right class for you.

Class Details

This class familiarises the attendees with a wealth of tools and techniques needed to breach the security of web applications. The class starts from the very basic, and gradually builds up to a level where attendees can not only use the tools and techniques to hack various components involved in Web Application hacking, but also walk away with a solid understanding of the concepts on which these tools are based. The class also covers the industry standards such as OWASP Top 10, PCI DSS and contains numerous real life examples to help the attendees understand the true impact of these vulnerabilities.

Day 1

Information Gathering, Profiling and Cross-Site Scripting

  • Understanding HTTP Protocol
  • Identifying the Attack Surface
  • Username Enumeration
  • Information Disclosure
  • Issues with SSL/TLS
  • Cross-Site Scripting
  • Cross-Site Request Forgery

Day 2

Injection, Flaws, Files and Hacks

  • SQL Injection
  • XXE Attacks
  • OS Code Injection
  • Local/Remote File Include
  • Cryptographic Weakness
  • Business Logic Flaws
  • Insecure File Uploads


Who Should Take This Class?

System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Student Requirements

Students should bring their own laptop with Windows Operating System installed (either natively or running in a VM). Further, students must have administrative access to perform tasks such as installing software, disabling antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) are not supported.

Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers - Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.

Download the NotSoSecure Hacking Classes Brochure

Upcoming Classes

Beginner Friendly

Hacking 101

The Art of Hacking

The Art of Hacking


Infrastructure Hacking


Web Hacking

Specialist Offensive Classes

2020 Edition

Advanced Infrastructure Hacking

2020 Edition

Advanced Web Hacking


Hacking and Securing Cloud Infrastructure

Specialist Defence Classes

2020 Edition

AppSec for Developers





Book Your Training

Working exclusively with 3 training delivery partners, NotSoSecure Hacking Training is available around the world.