Basic Web Hacking

NotSoSecure | August 4-5 & August 6-7
Overview

This course familiarizes attendees with a wealth of tools and techniques needed to breach the security of web applications. It starts from the very basics and gradually builds up to the level where attendees can not only use the tools and techniques to attack the various components involved in web application hacking, but also walk away with a solid understanding of the concepts on which these tools work. The course also covers industry standards such as the OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help attendees understand the true impact of these vulnerabilities. The course is updated regularly to ensure that the latest exploits and vulnerabilities are available within the Hacklab and taught in class.

The following is the course outline:

Day 1:
  • Understanding the HTTP protocol
  • Identifying the attack surface
  • Information gathering
  • Authentication Flaws
  • Online/Offline brute-force attacks
  • Cryptographic Flaws
  • Issues with SSL/TLS
  • Authorization Bypass


Day 2:
  • Insecure Direct Object Reference
  • Cross Site Scripting (XSS)
  • Reflected and Persistent XSS
  • Cross Site Request Forgery (CSRF)
  • SQL Injection (SQLi)
  • Tools and Techniques for exploiting SQLi
  • XML External Entity (XXE) Attacks
  • Insecure File Uploads

Who Should Take this Course

System administrators, web developers, SOC analysts, entry-level and intermediate penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Student Requirements

Students must bring their own laptop and have admin/root access on it. The laptop should have at least 4 GB of RAM, 20 GB of free disk space and a working copy of the latest Kali Linux release. Kali should be run inside a virtual machine (e.g. VMware Workstation/Fusion/Player or VirtualBox).

What Students Should Bring

See Student Requirements above.

What Students Will Be Provided With

Access to a hacking lab, not just during the course but for 30 days after the class as well, which gives students plenty of time to practice the concepts taught in class. Numerous scripts and tools will also be provided during the training, along with student hand-outs.

Trainers

Sam Sanoop is an information security enthusiast with over 4 years of technical experience in web application security. He is currently a security consultant at NotSoSecure, working on a wide range of security projects including infrastructure, web and mobile application security. In his spare time he is an inveterate bug bounty hunter and has identified and disclosed multiple web application vulnerabilities through various bug bounty platforms.