£1,200

SecureData Trainings - Web Application Hacking

Event Information

Date and Time

Location

Liverpool Street Meeting Room

46 New Broad Street

London

EC2M 1JH

United Kingdom

Refund Policy

Refunds up to 7 days before event

Eventbrite's fee is nonrefundable.

Event description

***Ticket information: please note the course price includes VAT***

This course will teach you how to analyse web applications for vulnerabilities and exploit them.

SensePost has been conducting penetration tests against web applications for nearly two decades and has distilled its approach into this course. The course takes a thorough and scientific approach and teaches techniques to maximise coverage of an application.

Whether you're a developer looking to better understand how to defend your applications or a penetration tester looking to enhance your web application bug hunting, this course is for you.

This course is highly practical, with over 22 different practical exercises. You'll learn how to exploit numerous common web vulnerabilities by hand and understand the theory behind them. You will be better able to help developers prevent these classes of attacks in their applications. We aim to teach you the trade, not just the tricks: tools are covered and they help, but you will be taught how to exploit many of these vulnerabilities by hand.

No equipment other than a web browser is needed. Each student gets an individual, fully cloud-based virtual training lab, which means no interference from other students, a robust and safe practice environment, and time to experiment throughout.

------------------------------------------------------------------------

Key Takeaways:

- A general approach and methodology for hacking web applications
- A good understanding of the tools and techniques for examining web applications
- Practical and practised skills (there are a lot of pracs in this course)

------------------------------------------------------------------------

Some of the topics covered:

Introduction to web technologies

  • Understanding the protocols that power the web and getting comfortable with how they look on the wire as well as intercepting and modifying them.

Cookies and Session Management

  • Understanding how sessions work in applications, and how cookies can be manipulated.

Introduction to Web Vulnerabilities

  • Theory on what a vulnerability is and an introduction to the OWASP Top 10

Client and Server Side Attacks

  • Understanding web architectures, and the threat models associated with them as well as several client and server-side vulnerabilities and related exploits.

Indirect Object References

  • Identifying and exploiting poor authorisation controls.
  • Brute forcing for restricted data.

Path traversal

  • Exploiting path traversal vulnerabilities and bypassing restrictions.

Insecure file upload & file inclusion

  • Introduction to web shells and code execution attacks.

XSS/CSRF & DOM Injections & Cache Attacks

  • Manipulating the DOM with various attacks
  • The impact of CDNs and different browser headers

SQL & Command Injection attacks

  • Understanding data store and operating system setups and how to exploit and explore them

Java Deserialisation

  • Exploiting deserialisation vulnerabilities with ysoserial

APIs, Microservices & Widgets

  • Working with APIs, common formats, tools and vulnerabilities

WebAssembly Vulnerabilities

  • Understanding wasm
  • New attack surface exposed by wasm

Please note: refreshments and lunches are included on both days.
