This curriculum introduces you to Web Application Hacking.

• Practical focus
• Learn how web application security flaws are found
• Discover leading industry standards and approaches
• Use this foundation to enhance your knowledge
• Prepare for more advanced web application topics

This is an entry level web application security testing course and is a pre-requisite for the Advanced Web Hacking course. Tools and techniques will be taught in the 2-day course. If you would like to step into the world of ethical hacking / penetration testing with a focus on web applications, then this is the class for you.

Who should take this class?

• System administrators
• Web developers
• SOC analysts
• Penetration testers
• Network engineers
• Security enthusiasts
• Anyone who wants to take their skills to the next level

Class Content

Day 1

Information gathering, profiling and cross-site scripting

• Understand HTTP protocol
• Identify the attack surface
• Username enumeration
• Information disclosure
• Issues with SSL / TLS
• Cross-site scripting

Day 2

Injection, flaws, files and hacks

• SQL injection
• XXE attacks
• OS code injection
• Local / remote file include?
• Cryptographic weakness
• Business logic flaws
• Insecure file uploads