Advanced Web Attacks and Exploitation

COURSE DETAILS

WHO IS THIS COURSE FOR?

This course is designed for Experienced penetration testers who want to practical understanding of the web application assessment and hacking process and become Web application security specialists.

COURSE SYLLABUS

This course will help you to analyze source code, request maipulation and learn to use advance tools like Burp Suite , Nmap etc. The course covers the following topics. Take your penetration testing skill to the next level. The course covers the following topics. View the full syllabus.

  • Web security tools and methodologies
  • Source code analysis
  • Persistent cross-site scripting
  • Session hijacking
  • .NET deserialization
  • Remote code execution
  • Blind SQL injections
  • Data exfiltration
  • Bypassing file upload restrictions and file extension filters
  • PHP type juggling with loose comparisons
  • PostgreSQL Extension and User Defined Functions
  • Bypassing REGEX restrictions
  • Magic hashes
  • Bypassing character restrictions
  • UDF reverse shells
  • PostgreSQL large objects
  • DOM-based cross site scripting (black box)
  • Server side template injection
  • Weak random token generation
  • XML external entity injection
  • RCE via database functions
  • OS command injection via WebSockets (black box)