Ends on June 30
This course familiarizes attendees with a wealth of hacking tools and techniques needed to breach the security of web applications. The course starts from the very basics and gradually builds up to the level where attendees can not only use the tools and techniques to hack the various components involved in web applications, but also walk away with a solid understanding of the concepts on which these tools work. The course also covers industry standards such as OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help attendees understand the true impact of these vulnerabilities. The course is regularly updated to ensure that the latest exploits and vulnerabilities are available within the Hacklab and taught in this course.
The following is the course outline:
Understanding the HTTP protocol
Identifying the attack surface
Online/Offline brute-force attacks
Faulty Password resets
Issues with SSL/TLS
Insecure Direct Object Reference
Cross Site Scripting (XSS)
Reflective and Persistent XSS
Cross Site Request Forgery (CSRF)
SQL Injection (SQLi)
Tools and Techniques for exploiting SQLi
XML External Entity (XXE) Attacks
Insecure File Uploads
In-depth understanding of what causes web vulnerabilities, how they can be exploited, and a high-level remediation strategy.
An understanding of how security breaches occur by compromising web vulnerabilities.
The free 30-day lab access gives attendees extra time to learn advanced topics in their own time and at their own pace.
Who Should Take this Course
System administrators, web developers, SOC analysts, entry-level/intermediate-level penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.
Audience Skill Level
Students must bring their own laptop and have admin/root access on it. The laptop should have at least 4 GB RAM, 20 GB of free disk space and a working copy of the latest Kali operating system. Kali should be run inside a virtual machine (e.g. VMware Workstation/Fusion/Player or VirtualBox).
What Students Should Bring
See student requirement
What Students Will Be Provided With
Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.
Rohit Salecha is a technology enthusiast who loves to dive deep into the world of technology. His current expertise revolves around finding interesting bugs in web applications, and he also loves doing Android and iOS app security assessments. He also loves to deliver talks and training on various subjects related to web and mobile applications. He delivered training on Basic Web Hacking and Basic Infrastructure Hacking at Black Hat USA 2017 and 2018 to more than 80 students. He is also passionate about architecting IT solutions with a focus on information security.
Sam Sanoop is an information security enthusiast with 5+ years of technical experience in web application security. He is currently working as a senior security consultant at NotSoSecure, working on a wide range of security projects including infrastructure, web and mobile application security. In his spare time, he is an inveterate bug bounty hunter and has identified and disclosed multiple web application vulnerabilities through various bug bounty platforms.