Advanced Web Hacking

Much like our popular Advanced Infrastructure Hacking class, this class talks about a wealth of hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.

Retail Price: $2,750.00

Next Date: Request Date

Course Days: 5


Request a Date

Request Custom Course


Course Details

You will be able to:

  • Effectively exfiltrate data using Out of Band Techniques for certain vulnerabilities
  • Pen Test encrypted parameters to find vulnerabilities
  • Learn how to bypass SSO functionalities
  • Find SQL injection vulnerabilities not detected by Automated tools
  • Break weak crypto implementations
  • Learn ways to bypass password reset functionalities

You will receive:

Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.

Our courses also come with detailed answer sheets. That is a step by step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class.

Who Should Take This Class?

  • Web developers
  • SOC analysts
  • Intermediate level penetration testers
  • DevOps engineers, network engineers
  • Security architects
  • Security enthusiasts
  • Anyone who wants to take their skills to the next level

Details of the course content:

INTRODUCTION

  • Lab Setup And Architecture Overview
  • Introduction To Burp Features

ATTACKING AUTHENTICATION AND SSO

  • Token Hijacking attacks
  • Logical Bypass / Boundary Conditions
  • Bypassing 2 Factor Authentication
  • Authentication Bypass using Subdomain Takeover
  • JWT/JWS Token attacks
  • SAML Authorization Bypass
  • OAuth Issues

PASSWORD RESET ATTACKS

  • Session Poisoning
  • Host Header Validation Bypass
  • Case study of popular password reset fails

BUSINESS LOGIC FLAWS / AUTHORIZATION FLAWS

  • Mass Assignment
  • Invite/Promo Code Bypass
  • Replay Attack
  • API Authorisation Bypass
  • HTTP Parameter Pollution (HPP)

XML EXTERNAL ENTITY (XXE) ATTACK

  • XXE Basics
  • Advanced XXE Exploitation over OOB channels
  • XXE through SAML
  • XXE in File Parsing

BREAKING CRYPTO

  • Known Plaintext Attack (Faulty Password Reset)
  • Padding Oracle Attack
  • Hash length extension attacks
  • Auth bypass using .NET Machine Key
  • Exploiting padding oracles with fixed IVs

REMOTE CODE EXECUTION (RCE)

  • Java Serialisation Attack
    • Binary
    • XML
      • <lijson< li="">
    • SerialVersionUID Mismatch
      • </lijson<>
  • .Net Serialisation Attack
  • PHP Serialization Attack
  • Python serialization attack
  • Server Side Template Injection
  • Exploiting code injection over OOB channel

SQL INJECTION MASTERCLASS

  • 2nd order injection
  • Out-of-Band exploitation
  • SQLi through crypto
  • OS code exec via powershell
  • Advanced topics in SQli
  • Advanced SQLMap Usage and WAF bypass
  • Pentesting GraphQL
  • Introspection based attacks on GraphQL

TRICKY FILE UPLOAD

  • Malicious File Extensions
  • Circumventing File validation checks
  • Exploiting hardened web servers
  • SQL injection via File Metadata

SERVER SIDE REQUEST FORGERY (SSRF)

  • SSRF to query internal network
  • SSRF to exploit templates and extensions
  • SSRF filter bypass techniques
  • Various Case studies

ATTACKING THE CLOUD

  • SSRF Exploitation
  • Serverless exploitation
  • Google Dorking in the Cloud Era
  • Cognito misconfiguration to data exfiltration
  • Post Exploitation techniques on Cloud-hosted applications
  • Various Case Studies

ATTACKING HARDENED CMS

  • Identifying and attacking various CMS
  • Attacking Hardened WordPress, Joomla and Sharepoint

WEB CACHING ATTACKS

MISCELLANEOUS VULNERABILITIES

  • Unicode Normalization attacks
  • Second order IDOR attack
  • Exploiting misconfigured code control systems
  • HTTP Desync attack

ATTACK CHAINING N TIER VULNERABILITY CHAINING LEADING TO RCE

VARIOUS CASE STUDIES

  • A Collection of weird and wonderful XSS and CSRF attacks


Sorry! It looks like we haven’t updated our dates for the class you selected yet. There’s a quick way to find out. Contact us at 502.265.3057 or email info@training4it.com


Request a Date