Black Hat USA Registration Black Hat USA Registration Black Hat USA Briefings Black Hat USA Briefings Black Hat USA Training Black Hat USA Training Black Hat USA Schedule Black Hat USA Schedule Black Hat USA Sponsors Black Hat USA Sponsors Black Hat  USA Special Events Black Hat  USA Special Events Black Hat USA Venue Black Hat USA Venue

On This Page

Advanced Web Attacks and Exploitation

Offensive Security | July 27-30



Ends May 31



Ends July 24



Ends July 30


The days of porous network perimeters are fading fast as services become more resilient and harder to exploit. In order to penetrate today's modern networks, a new approach is required. In order to gain that initial critical foothold in a network, penetration testers must be fluent in the art of exploiting front-facing web applications. Offensive Security's Advanced Web Attacks and Exploitation course will take you far beyond the simple basics of SQL injection and bring you deep into the realm of web application penetration testing.

From mind-bending XSS attacks, to exploiting CSRF vulnerabilities, to advanced SQL injection attacks, Advanced Web Attacks and Exploitation will broaden your knowledge of web application hacking and help you identify and circumvent various protection mechanisms in use on the web today.

This intensive, hands-on course will take your skills beyond run-of-the-mill SQL injection or mediocre file inclusion attacks and propel you into a world of brain-melting SQL queries, mind-blowing XSS and remote code execution attacks, and more - leaving you gasping in disbelief.

Topics Covered

Lab Description

This course includes complex hands-on labs throughout the training. All students will be provided with pre-configured VMware images which include both instructional and real world web vulnerabilities. These vulnerable web applications are analyzed and exploited for the duration of the course.

Who Should Attend

Advanced Web Attacks and Exploitation is NOT an entry level course. The pace of learning is fast and furious - students are expected to have a solid understanding of how to perform basic web application attacks, at a minimum. This class is aimed at penetration testers and security auditors who need to take their web application penetration testing skills to a new level.


It is assumed that the student already has a medium understanding of the underlying protocols and technologies involved in testing web applications such as the HTTP protocol, SSL communications, and the usage of various browser plugins and proxies. A basic familiarity with web based programming languages such as php, javascript and mysql will also prove helpful.

What To Bring

Course Length

Four days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.


Mati Aharoni is the lead BackTrack Developer, and founder of Offensive Security. With over 10 years of experience as a professional penetration tester, Mati has uncovered several major security flaws and is actively involved in the offensive security arena.