
Basic Web Hacking

NotSoSecure Ltd | December 4 - 5



Overview

This course familiarises attendees with a wealth of tools and techniques needed to breach the security of web applications. The course starts from the very basics and gradually builds up to the level where attendees can not only use the tools and techniques to hack the various components involved in web applications, but also walk away with a solid understanding of the concepts on which these tools work. The course also covers industry standards such as OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help attendees understand the true impact of these vulnerabilities. This course is regularly updated to ensure that the latest exploits and vulnerabilities are available within the hacklab and taught in this course.

During the class, we will give you VPN access to our state-of-the-art hacklab, which is hosted in our data centre in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab. The following is the course outline:

Day 1:
Understanding HTTP protocol
Identifying the attack surface
Username Enumeration
Information Disclosure
Issues with SSL/TLS
Cross Site Scripting
Cross-Site Request Forgery

Day 2:
SQL Injection
XXE attacks
OS Code Injection
Cryptographic weakness
Business Logic Flaws
Insecure File Uploads

Who Should Take this Course

System administrators, web developers, SOC analysts, entry-level/intermediate-level penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Student Requirements

The only requirement for this class is that you must bring your own laptop and have admin/root access on it. During the class, we will give you VPN access to our state-of-the-art hacklab, which is hosted in our data centre in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab, so you don't need to bring any VMs with you. All you need is admin access to install the VPN client and, once connected, you are good to go!

Also, note that we will use an Ethernet/wired network for this class. If your laptop does not have an Ethernet port, please carry the right adaptor to ensure you can connect to the wired network.

What Students Should Bring

Same as above.

What Students Will Be Provided With

Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student hand-outs.

Trainers

Will Hunt is an information security enthusiast who has worked in IT security for the past 9 years. He is an Associate Director at NotSoSecure and was an infrastructure hacking trainer at Black Hat USA 2017. Prior to this, he was a pentester and trainer, developing and delivering technical and non-technical courses for a leading IT security firm. Before pentesting, Will was an experienced digital forensics consultant and trainer. He runs the blog stealthsploit.com and has identified and responsibly disclosed vulnerabilities in various software.