Your course
Web application security is one of the biggest and fastest moving specializations within cybersecurity today. Only with a comprehensive, well-rehearsed arsenal of modern ethical hacking skills can it be mastered. Join this hands-on, 5-day course to push your web hacking to the next level and widen your career prospects. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat.
Who it’s for
- Penetration testers and red teamers
- Security consultants and architects
- CSIRT/SOC analysts and engineers/blue teams
- Developers with in-depth security experience
- Security/IT managers and team leads
This course is suitable for in-house security teams from intermediate to pro level. It’s also relevant to other security and IT practitioners and managers who want to understand the current threat landscape and defend their organization.
Delegates must have the following to make the most of the course:
- Intermediate knowledge of web application security (at least 2 years’ experience)
- Common command line syntax competency
- Experience using virtual labs for pentesting and/or offensive research
- Basic working knowledge of Burp Suite (download here)
Top 3 takeaways
- Many of the latest and most complex web hacking and penetration testing techniques
- The skills and knowledge to hack the OWASP Top 10
- Knowledge of how to remediate as well as exploit web application vulnerabilities
What you’ll learn
This course uses a Defense by Offense methodology based on real world engagements and offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs, so you can put it into practice as soon as the training is over. By the end of the course, you’ll know:
- How to think and behave like an advanced, real world threat actor
- How to identify commonly used vulnerabilities known to have caused damage and disruption in recent months
- How to deploy the latest and most common web application hacks (including many novel techniques that can’t be detected by scanners)
- How to analyze vulnerabilities within your own organization and customize your hacking techniques in response
What you’ll be doing
You’ll be learning hands on:
- Spending most of the session (~80%) on lab-based exercises
- Using lab-based flows to explore and hack lifelike web environments
- Trying out different hacking techniques to exploit the OWASP Top 10 and other common vulnerabilities
- Discussing case studies with your course leader to understand the impact of the hacks covered
Why it’s relevant
All modern organizations rely on web applications, making them the attack vector of choice for many threat actors. However, scanners alone are neither powerful nor smart enough to find the more complex – and often more damaging – vulnerabilities that would threaten your organization’s ability to stay online. And with so many vulnerabilities open to exploitation, remediation must be prioritized according to risk and impact. What’s needed is a thorough, contextual understanding of how and why web applications get targeted and what happens when those attacks succeed. Our Advanced Web Hacking course provides delegates with this knowledge and more, helping push their existing offensive testing and remediation skills to the next level.
Our syllabuses are revised regularly to reflect the latest in-the-wild hacks, the newest Burp Suite releases, and whatever proof of concepts we’ve been developing in our own research. Because they remain so up to date with the threat landscape and security industry standard, many delegates return every 1-2 years to update their skills and get a refresh.
