The days of porous network perimeters are fading fast as services become more resilient and harder to exploit. In order to penetrate today's modern networks, a new approach is required. In order to gain that initial critical foothold in a network, penetration testers must be fluent in the art of exploiting front-facing web applications. Offensive Security's Advanced Web Attacks and Exploitation course will take you far beyond the simple basics of SQL injection and bring you deep into the realm of web application penetration testing.
From mind-bending XSS attacks, to exploiting CSRF vulnerabilities, to advanced SQL injection attacks, Advanced Web Attacks and Exploitation will broaden your knowledge of web application hacking and help you identify and circumvent various protection mechanisms in use on the web today.
This intensive, hands-on course will take your skills beyond run-of-the-mill SQL injection or mediocre file inclusion attacks and propel you into a world of brain-melting SQL queries, mind-blowing XSS and remote code execution attacks, and more - leaving you gasping in disbelief.
TOPICS COVEREDAdvanced XSS attacks and exotic payloadsLeveraging CSRF attacks to achieve remote code executionAdvanced SQL injection attacksCompound attacks making use of multiple vulnerabilitiesBypassing character restrictions in payloadsRemote command execution attacksAdvanced file inclusion attacks, and moreReal world attacks on widely deployed network infrastructure applications
LAB DESCRIPTION
This course includes complex hands-on labs throughout the training. All students will be provided with pre-configured VMware images which include only real world web vulnerabilities taken from network infrastructure and security applications. These vulnerable web applications are analyzed and exploited for the duration of the course.
Advanced Web Attacks and Exploitation is NOT an entry level course. The pace of learning is fast and furious - students are expected to have a solid understanding of how to perform basic web application attacks, at a minimum. This class is aimed at penetration testers and security auditors who need to take their web application penetration testing skills to a new level.
It is assumed that the student already has a medium understanding of the underlying protocols and technologies involved in testing web applications such as the HTTP protocol, SSL communications, and the usage of various browser plugins and proxies. A basic familiarity with web based programming languages such as php, javascript and mysql will also prove helpful.
Students are required to bring their own laptops with: 64bit Host operating system A minimum 4 GB RAM installed VMware Workstation / Fusion installed At least 60 GB HD free Wired Network Support USB 2.0 support or better
Students will be provided virtual machines for use in the class.
Mati Aharoni is the lead Kali Linux Developer, and founder of Offensive Security. With over 10 years of experience as a professional penetration tester, Mati has uncovered several major security flaws and is actively involved in the offensive security arena.
