What to bring:

Just yourself. All necessary equipment will be provided, including pre-configured laptops, tools and utilities.

Black Hat USA 2010 Weekend Training Session

July 24 - 25

Black Hat USA 2010 Weekday Training Session

July 24 - 27

Hacking by Numbers: Web 2.0




We were actually enjoying the web as it was, but apparently it was time for an upgrade. Hello Web 2.0. Hello social networking, wikis, RSS, blogs and user-driven content. Hello web services, SOAP and REST. Hello XML, JavaScript, AJAX, and Silverlight.

Web 2.0 is a perceived or proposed second generation of the web. According to Tim O'Reilly: "Web 2.0 is the business revolution in the computer industry caused by the move to the Internet as platform, and an attempt to understand the rules for success on that new platform."

Web 2.0 is a whole new world and Hacking By Numbers - Web 2.0 Edition is a course designed to prepare you for it. Brought to you by the same team that created the successful 'Bootcamp' and 'Combat' editions, "Web 2.0 Edition" focuses on the knowledge, skills, tools and thinking techniques required to understand security and hacking in the Web 2.0 world.

Hello XSS, XSRF, XSRT and friends!

HBN Web 2.0 Edition is aimed primarily at understanding how we attack the "Web 2.0" technologies and concepts. The course builds on Bootcamp Edition (it is therefore a more advanced course) but is still structured, practical and extremely hands-on in the established "Hacking By Numbers" tradition.

Topics include:

  • Hacking Web Applications Refresher
  • Understanding Web 2.0 - concepts and technologies
  • Getting under the hood - A Web Services and JavaScript Refresher
  • Hacking Web Services
  • Hacking the User - XSS Foo
  • Hacking the New Kids - AJAX, JSON, SOAP, RSS and the crew
  • Games and Hacking - How we hack games and how we're actually always hacking games

The course is full of brand new content, brand new labs and cutting-edge emulations.

Course Length

Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.


SensePost proposes to use experienced world-class technicians with extensive training experience. The course will be presented by one of the following course leaders:

Bradley Jayanath joined SensePost as the team leader for the assessment team after 9 years in the networking and security industry. He has extensive experience in all types of security assessments and has completed major security projects in the Americas. Bradley has been involved in the training course material since his appointment and brings extensive experience to each training course.

Nicholas Arvanitis is an Associate at SensePost, where he leads SensePost's security assessment and penetration testing team. Nicholas has spoken and trained throughout South Africa, Europe and the United States, including at prestigious events such as the Black Hat Briefings and Defcon. His area of expertise is in web application assessment, network security assessment and vulnerability management.

Marco Slaviero (MSc) is an associate at SensePost focused on providing penetration testing services to global clients in the financial services, mining and telecommunications sectors. Marco specializes in web application assessments with a side interest in thick applications and network assessments. His background is academic and he finds the security industry a little bewildering if complete fun.

Ian de Villiers is an associate security analyst for SensePost. Coming from a development background, his areas of expertise are in application and web application assessments. Ian has spent considerable time researching application frameworks, and has published a number of advisories relating to portal platforms. He has also provided training on web application security at prestigious events such as the Black Hat Briefings in the USA and spoken at security conferences on this topic.

Super Early:
Ends Apr 1
Ends May 15

Ends Jun 15

Ends Jul 23