Web Hacking Black Belt Edition Training in Germany

  • Learn via: Classroom / Virtual Classroom / Online
  • Duration: 5 Days
  • Level: Expert
  • Price: From €5,850+VAT
We can host this training at your preferred location. Contact us!

This class teaches the audience a wealth of hacking techniques to compromise modern-day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.

Attendees will also benefit from a state-of-art Hacklab during the course.

Some of the highlights of the class include:

  • Modern JWT, SAML, OAuth bugs
  • Core business logic issues
  • Practical cryptographic flaws.
  • RCE via Serialization, Object, OGNL and template injection.
  • Exploitation over DNS channels
  • Advanced SSRF, HPP, XXE and SQLi topics.
  • Serverless exploits
  • Web Caching issues
  • Attack chaining and real life examples.

Target Audience

  • Web developers
  • Intermediate level penetration testers
  • DevOps engineers, network engineers
  • Security researchers / analysts
  • Security architects
  • Security professionals & enthusiasts
  • Anyone who wants to take their skills to the next level

Users are also encouraged to familiarize themselves with Burp Suite https://portswigger.net/burp/communitydownload to gain maximum out of the class.

Harden your perimeter, lower the risk of compromise, and make your organisation a less attractive target for attackers by building a team that can identify, test, and guide developers to secure web-based vulnerabilities.

Trained delegates can:

  • Perform security testing to identify and safely exploit complex web vulnerabilities that get missed by scanners and other automated tools – this can help you detect vulnerabilities and recommend patching accordingly
  • Design this testing around real-world attacker behaviour and tooling, making it relevant to the threats facing your organisation
  • Customise offensive tooling to generate tailored (rather than “out of the box”) payloads that lead to more advanced testing
  • Recommend measures to circumvent any conditions that could lead to the emergence of vulnerabilities
  • Understand the business impact of web vulnerabilities and articulate this to key stakeholders
  • Take on greater responsibility in the team and become an advocate of security in the wider business

The latest hacks in the world of web hacking. The class content has been carefully handpicked to focus on some neat, new and ridiculous attacks. We provide a custom kali image for this class. The custom kali image has been loaded with a number of plugins and tools (some public and some NotSoPublic) and these aid in quickly identifying and exploiting vulnerabilities discussed during the class.

The class is taught by a real pen tester and the real-world stories shared during the class help attendees in putting things into perspective. Access to a hacking lab during the course and numerous scripts and tools will also be provided during the training, along with student handouts. Our courses also come with detailed answer sheets. That is a step by step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class.

Lab Setup and architecture overview

Introduction to Burp Features

Attacking Authentication and SSO

  • Token Hijacking attacks
  • Logical Bypass / Boundary Conditions
  • Bypassing 2 Factor Authentication
  • Authentication Bypass using Subdomain Takeover
  • JWT/JWS Token attacks
  • SAML Authorization Bypass
  • OAuth Issues

Password Reset Attacks

  • Session Poisoning
  • Host Header Validation Bypass
  • Case study of popular password reset fails

Business Logic Flaws / Authorization flaws

  • Mass Assignment
  • Invite/Promo Code Bypass
  • Replay Attack
  • API Authorisation Bypass
  • HTTP Parameter Pollution (HPP)

XML External Entity (XXE) Attack

  • XXE Basics
  • Advanced XXE Exploitation over OOB channels
  • XXE through SAML
  • XXE in File Parsing

Breaking Crypto

  • Known Plaintext Attack (Faulty Password Reset)
  • Padding Oracle Attack
  • Hash length extension attacks
  • Auth bypass using .NET Machine Key
  • Exploiting padding oracles with fixed IVs

Remote Code Execution (RCE)

  • Java Serialization Attack
  • .Net Serialization Attack
  • PHP Serialization Attack
  • Python serialization attack
  • Server Side Template Injection
  • Exploiting code injection over OOB channel

SQL Injection Masterclass

  • 2nd order injection
  • Out-of-Band exploitation
  • SQLi through crypto
  • OS code exec via PowerShell
  • Advanced topics in SQli
  • Advanced SQLMap Usage and WAF bypass
  • Pentesting GraphQL

Tricky File Upload

  • Malicious File Extensions
  • Circumventing File validation checks
  • Exploiting hardened web servers
  • SQL injection via File Metadata

Server-Side Request Forgery (SSRF)

  • SSRF to query internal network
  • SSRF to exploit templates and extensions
  • SSRF filter bypass techniques
  • Various Case studies

Attacking the Cloud

  • SSRF Exploitation
  • Serverless exploitation
  • Google Dorking in the Cloud Era
  • Cognito misconfiguration to data exfiltration
  • Post Exploitation techniques on Cloud-hosted applications
  • Various Case Studies

Attacking Hardened CMS

  • Identifying and attacking various CMS
  • Attacking Hardened Wordpress, Joomla, and Sharepoint

Web Caching Attacks

Miscellaneous Vulnerabilities

  • Unicode Normalization attacks
  • Second order IDOR attack
  • Exploiting misconfigured code control systems
  • HTTP Desync attack

Attack Chaining N tier vulnerability Chaining leading to RCE

Various Case Studies

  • A Collection of weird and wonderful XSS and CSRF attacks

B33r-101



Contact us for more detail about our trainings and for all other enquiries!

Upcoming Trainings

Join our public courses in our Germany facilities. Private class trainings will be organized at the location of your preference, according to your schedule.

11 Januar 2025 (5 Days)
Berlin, Hamburg, Münih
Classroom / Virtual Classroom
13 Januar 2025 (5 Days)
Berlin, Hamburg, Münih
Classroom / Virtual Classroom
€5,850 +VAT
Book Now
18 Januar 2025 (5 Days)
Berlin, Hamburg, Münih
Classroom / Virtual Classroom
20 Januar 2025 (5 Days)
Berlin, Hamburg, Münih
Classroom / Virtual Classroom
11 Januar 2025 (5 Days)
Berlin, Hamburg, Münih
Classroom / Virtual Classroom
06 Februar 2025 (5 Days)
Berlin, Hamburg, Münih
Classroom / Virtual Classroom
13 Januar 2025 (5 Days)
Berlin, Hamburg, Münih
Classroom / Virtual Classroom
€5,850 +VAT
Book Now
12 Februar 2025 (5 Days)
Berlin, Hamburg, Münih
Classroom / Virtual Classroom

Related Trainings

Web Hacking Black Belt Edition Training Course in Germany

The Federal Republic of Germany is the second most populous country in Europe and is located in Central Europe. The official language of the country is German. Germany is one of the richest countries in the world. The main exports of the country include motor vehicles and iron and steel products.

Here are some fun facts about Germany:
The fairy tale writer, the Brothers Grimm, came from Germany and wrote many famous stories such as Cinderella, Snow White, and Sleeping Beauty.
Germany is home to the largest theme park in Europe, the Europa-Park.
The famous composer Ludwig van Beethoven was born in Germany.
The Autobahn, the German highway system, is known for having no general speed limit.


Berlin was divided by the Berlin Wall from 1961 to 1989. Known for its street art, Berlin has many colorful murals and graffiti throughout the city. Also, Berlin is home to many famous museums, such as the Pergamon Museum and the Museum Island. Many clubs and bars stay open until the early hours of the morning in this big city.

Another popular city is Munich, which is famous for its Oktoberfest beer festival that attracts millions of visitors every year. Munich is also home to many historic buildings, including Nymphenburg Palace and the Marienplatz town square.

The country's capital and largest city is Berlin, however Frankfurt is considered to be the business and financial center of Germany. It is home to the Frankfurt Stock Exchange, the European Central Bank, and many other financial institutions. Because of its central location within Europe and its status as a major financial hub, Frankfurt is often referred to as the "Mainhattan," a play on the city's name and its association with the Manhattan financial district in New York City.

Frankfurt is also a major transportation hub, with the largest airport in Germany and one of the largest in Europe, Frankfurt Airport. Additionally, it is a popular destination for tourists, with its historic city center, beautiful parks, and vibrant cultural scene.

Some of the top German technology companies like Siemens AG, Bosch, SAP SE, Deutsche Telekom, Daimler AG and Volkswagen has business centers in Frankfurt. The country has a strong tradition of engineering and innovation, and is home to many other world-class technology companies and research institutions.

Tailored to meet the specific needs of Germany, Bilginç IT Academy combines cutting-edge training methodologies with our comprehensive range of Certification Exam preparation courses and accredited corporate training programs. Experience a transformative approach to IT training that will redefine your expectations.
By using this website you agree to let us use cookies. For further information about our use of cookies, check out our Cookie Policy.