On This Page

Hacking by Numbers Reloaded - Web Applications Bootcamp

SensePost | March 24-25


Course Topics:
  • The fundamentals - Setting the foundation. Testing basics, tools of the trade, HTTP and related technology introduction.
  • Know your enemy - Reconnaissance, enumeration and landscape discovery.
  • Breaking bad - The application series:
  • SQL Injection on various platforms - How to really pwn databases.
  • XML and XML Entity Injection.
  • XPath and LDap Injection.
  • Cross-Site Scripting (Reflective, Persistent and DOM based) - This is not the pop-up you are interested in.
  • Attacking WebServices (XML, JSON).
  • Client side technologies such as Flash, Silverlight and ActiveX.

Who Should Take this Course

This course is ideally suited to those wishing to learn how to test web applications for vulnerabilities, to those experienced infrastructure pentesters that want to expand their skill set into web applications. This course is about tearing apart applications and understanding how attackers are breaching corporate deployments.

Student Requirements

Students need to ensure they have the necessary level of skill. No hacking experience is required for this course, but a solid technical grounding is an absolute must. This includes basic Linux operating system knowledge, a basic understanding of web applications and networking fundamentals.

What Students Should Bring

Enthusiasm. This course is about learning how to spot web application vulnerabilities and exploit them to your advantage. It's a hands-on course and not just you sitting down and watching us present. A laptop capable of running a custom Kali VM is also required.

What Students Will Be Provided With

SensePost will provide USB key drives with all the tools and materials used in the course.


All of SensePost's Hacking By Numbers trainers are working as penetration testers. HBN course modules are often inspired by actual penetration tests we have performed in the past. We love teaching and have been doing so for Black Hat for over a decade now. Our courses are hands-on, fun to do and also show real world scenarios that students will encounter.