NotSoSecure is pleased to launch their much awaited advanced Web Hacking class. Much like the Advanced Infrastructure Hacking class, this class talks about a wealth of hacking techniques to compromise web applications, APIs and associated end-points. This class focus on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known. Attendees will also benefit from a state-of-art Hacklab and we will be providing free 30 days lab access after the class to allow attendees more practice time.
The following is the course outline:
Day 1
Authentication Bypass
Token Hijacking attacks
Logical Bypass / Boundary Conditions
SAML / OAuth 2.0 / Auth-0 / JWT Attacks
JWT Token Brute-Force attacks
SAML Authentication and Authorization Bypass
XXE through SAML
Advanced XXE Exploitation over OOB channels
Password Reset Attacks
Cookie Swap
Host Header Validation Bypass
Case study of popular password reset fails.
Breaking Crypto
Known Plaintext Attack (Faulty Password Reset)
Path Traversal using Padding Oracle
Hash length extension attacks
Business Logic Flaws / Authorization flaws
Mass Assignment
Invite/Promo Code Bypass
Replay Attack
API Authorization Bypass
Day 2
SQL Injection
2nd Order Injection
Out-of-Band
SQLi through crypto
OS code exec via powershell
Advanced topics in SQli
Remote Code Execution (RCE)
Java Serialisation Attack
Node.js RCE
PHP object injection
Ruby/ERB template injection
Exploiting code injection over OOB channel
Server Side Request Forgery (SSRF)
SSRF to call internal files
SSRF to query internal network
Unrestricted File Upload
Malicious File Extensions
Circumventing File validation checks
Miscellaneous Topics
HTTP Parameter Pollution (HPP)
XXE in file parsing
A Collection of weird and wonderful XSS and CSRF attacks.
Attack Chaining
Combining Client-side and or Server-side attacks to steal internal secrets
B33r 101
Who Should Take this Course
Web developers, SOC analysts, entry level/intermediate level penetration testers, network engineers, security architects, security enthusiasts and anyone who wants to take their skills to next level
Student Requirements
Students must bring their own laptop and have admin/root access on it. The laptop should have at least 4 GB RAM and 20 GB of free disk space and a working copy of the latest Kali Operating System. Kali OS should be run inside a Virtual machine (e.g. VMware Workstation/Fusion/Player or Virtual Box). Familiarity with Burp Suite will be beneficial for this class.
What Students Should Bring
see student requirement section
What Students Will Be Provided With
Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.
Trainers
Sunil Yadav is an information security professional over 8+ years of experience in application security, mobile security, and source code review. Consulting experience with large organizations across different sectors assessing network, system and application security. Conducted national and international training and seminars on web application security, threat modeling, mobile security and secure coding. Won credits and accolades from organizations like Microsoft, LinkedIn, Yahoo, Nokia, PayPal, Apache and Oracle for identifying and reporting security vulnerabilities in their products
Dhruv Shah is an information security professional working as a Senior Security Consultant at NotSoSecure. He has over 6+ years of experience in application, mobile and network security. He has co-authored the book 'Kali Linux Intrusion and Exploitation' by Packtpub. His work can be found on security-geek.in
Video Preview (Training Description Above - Top of Page)
