Hacking by Numbers: W^3


Register Now

USA 2011 Weekday Training Session //August 1-2


Hacking by Numbers - W^3 Edition is an intermediate web application hacking course for people with some experience in penetration testing.

The course will provide a refresher of HTTP and associated technologies before commencing with some more advanced level attacks ranging from assessment techniques of traditional web applications to newer technologies - such as AJAX, rich client media and HTML 5.

Topics include:

  • Hacking traditional web applications
  • Understanding Web2.0 concepts and technologies
  • Xs* - JavaScript attacks
  • Hacking Web services
  • Hacking compiled applications
  • HTML5

As with all courses in the Hacking by Numbers range, the W^3 course is a hands-on, highly practical course which intends to enable students to understand the trade and not the trick.


SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course.

Students need to ensure they have the necessary level of skill.

An understanding of web technologies is recommended and students are expected to be versed in basic programming (or scripting), Internet technologies, *nix/Windows operating systems, and basic database technologies.

No advanced skills are required, but students without a good, practical knowledge of these areas will fall behind in this fast-paced class.

Students without the requisite technical skills are encouraged to consider Hacking by Numbers Cadet and Bootcamp editions.


This course is the only course in the Hacking By Numbers focussing specifically on web-based technologies. It assumes some prior experience with Web Application hacking tools and techniques. Although it is not required, attendance of Hacking By Numbers Bootcamp Edition would be beneficial.

Who Should Attend:

Security consultants, government agencies, developers, penetration testers and other nice people will all benefit from the valuable insights provided by this class.

What to bring:

Just Yourself. All necessary equipment will be provided, including pre-configured laptops, tools and utilities.

Course Trainer:

SensePost proposes to use experienced world-class technicians with extensive training experience. The course will be presented by one of the following course leaders:

Ian de Villiers is an Associate Security Analyst for SensePost. Coming from a development background, his areas of expertise are in application and web application assessments. Ian has spent considerable time researching application frameworks, and has published a number of advisories relating to portal platforms. He has also provided training on web application security at prestigious events such as the Black Hat briefings in the USA and spoken at security conferences on this topic.

Ends April 30
Ends Jun 15
Ends Jul 29