Filtering by: PenTesting

Advanced Web Hacking - Black Belt Edition
Oct
8
to Oct 9

Advanced Web Hacking - Black Belt Edition

Presenter: Notsosecure

Track: Pentesting, Application Security

Format: 2 Day Training

This class teaches the audience a wealth of hacking techniques to compromise modern day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.

 

Attendees will also benefit from a state-of-art Hacklab and we will be providing FREE 30 days lab access after the class to allow attendees more practice time. Some of the highlight of the class includes:

  • Modern JWT, SAML, oauth bugs

  • Core business logic issues

  • Practical cryptographic flaws.

  • RCE via Serialisation, Object, OGNL and template injection.

  • Exploitation over DNS channels

  • Advanced SSRF, HPP, XXE and SQLi topics.

  • Serverless exploits

  • Web Caching issues

  • Attack chaining and real life examples.

View Event →