This class teaches the audience a wealth of hacking techniques to compromise modern-day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Attendees will also benefit from a state-of-art Hacklab during the course.
Some of the highlights of the class include:
Users are also encouraged to familiarize themselves with Burp Suite https://portswigger.net/burp/communitydownload to gain maximum out of the class.
Harden your perimeter, lower the risk of compromise, and make your organisation a less attractive target for attackers by building a team that can identify, test, and guide developers to secure web-based vulnerabilities.
Trained delegates can:
The latest hacks in the world of web hacking. The class content has been carefully handpicked to focus on some neat, new and ridiculous attacks. We provide a custom kali image for this class. The custom kali image has been loaded with a number of plugins and tools (some public and some NotSoPublic) and these aid in quickly identifying and exploiting vulnerabilities discussed during the class.
The class is taught by a real pen tester and the real-world stories shared during the class help attendees in putting things into perspective. Access to a hacking lab during the course and numerous scripts and tools will also be provided during the training, along with student handouts. Our courses also come with detailed answer sheets. That is a step by step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class.
Lab Setup and architecture overview
Introduction to Burp Features
Attacking Authentication and SSO
Password Reset Attacks
Business Logic Flaws / Authorization flaws
XML External Entity (XXE) Attack
Breaking Crypto
Remote Code Execution (RCE)
SQL Injection Masterclass
Tricky File Upload
Server-Side Request Forgery (SSRF)
Attacking the Cloud
Attacking Hardened CMS
Web Caching Attacks
Miscellaneous Vulnerabilities
Attack Chaining N tier vulnerability Chaining leading to RCE
Various Case Studies
B33r-101
Join our public courses in our Norway facilities. Private class trainings will be organized at the location of your preference, according to your schedule.