Web Hacking

2020 Edition
2 Day Practical Class
  • Introduction to web application hacking
  • Practical in focus, teaching how web application security flaws are discovered
  • Covers leading industry standards and approaches
  • Builds the foundation to progress your knowledge and move into more advanced Web Application topics
"Really enjoyed the lab and the walkthroughs, it helped expedite the learning process." (Delegate, Black Hat USA 2016)

"Very organized and clearly presented. Great having hands-on experience with individuals ready to assist when help is needed." (Delegate, Black Hat USA 2016)

"One of the best classes I have taken in a long time. The contest was on point and kept me engaged. I am new to Cyber Security after 25 years in App Development and am very pleased with what I have learned." (Delegate, Black Hat USA 2016)

Class Overview

This is an entry-level web application security testing class and is a recommended prerequisite for our Advanced Web Hacking class. It familiarises attendees with the basics of web and application hacking. A number of tools and techniques are taught during the 2-day class. If you would like to step into the world of ethical hacking / pen testing with a focus on web applications, then this is the right class for you.

Class Details

This class familiarises attendees with a wealth of tools and techniques needed to breach the security of web applications. It starts from the very basics and gradually builds up to a level where attendees can not only use the tools and techniques to hack the various components of a web application, but also walk away with a solid understanding of the concepts on which these tools are based. The class also covers industry standards such as OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help attendees understand the true impact of these vulnerabilities.

Information Gathering, Profiling and Cross-Site Scripting

  • Understanding HTTP Protocol
  • Identifying the Attack Surface
  • Username Enumeration
  • Information Disclosure
  • Issues with SSL/TLS
  • Cross-Site Scripting
  • Cross-Site Request Forgery

Injection, Flaws, Files and Hacks

  • SQL Injection
  • XXE Attacks
  • OS Code Injection
  • Local/Remote File Include
  • Cryptographic Weakness
  • Business Logic Flaws
  • Insecure File Uploads


Who Should Take This Class?

System administrators, web developers, SOC analysts, penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Student Requirements

Students should bring their own laptop with a Windows operating system installed (either natively or running in a VM). Students must also have administrative access to perform tasks such as installing software, disabling antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) are not supported.

Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers - Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.

Training Events

Web Hacking

26-27th August 2020

Live Online Training


NotSoSecure Training Journey:

Beginner Friendly

  • Hacking 101
  • The Art of Hacking
  • Infrastructure Hacking
  • Web Hacking

Specialist Offensive Classes

  • Advanced Infrastructure Hacking
  • Advanced Web Hacking
  • Hacking and Securing Cloud Infrastructure

Specialist Defence Classes

  • AppSec for Developers