Hacking by Numbers:

Sensepost july 23-24


Ends February 1


Ends June 1


Ends July 20


July 21-24


Hacking by Numbers - W^3 Edition is an intermediate web application hacking course for people with some experience in penetration testing.

The course will provide a refresher of HTTP and associated technologies before commencing with some more advanced level attacks ranging from assessment techniques of traditional web applications to newer technologies - such as AJAX, rich client media and HTML 5.

Topics include:

As with all courses in the Hacking by Numbers range, the W^3 course is a hands-on, highly practical course which intends to enable students to understand the trade and not the trick.


SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course.

Students need to ensure they have the necessary level of skill.

An understanding of web technologies is recommended and students are expected to be versed in basic programming (or scripting), Internet technologies, *nix/Windows operating systems, and basic database technologies.

No advanced skills are required, but students without a good, practical knowledge of these areas will fall behind in this fast-paced class.

Students without the requisite technical skills are encouraged to consider Hacking by Numbers Cadet and Bootcamp editions.


This course is the only course in the Hacking By Numbers focusing specifically on web-based technologies. It assumes some prior experience with Web Application hacking tools and techniques. Although it is not required, attendance of Hacking By Numbers Bootcamp Edition would be beneficial.

Who Should Attend

Security consultants, government agencies, developers, penetration testers and other nice people will all benefit from the valuable insights provided by this class.

What to bring

Just Yourself. All necessary equipment will be provided, including pre-configured laptops, tools and utilities.

Course Trainer

SensePost is an independent and objective organisation specialising in information security consulting, training, security assessment services and IT Vulnerability Management. SensePost is about security. Specifically - information security. Even more specifically - measuring information security. We've made it our mission to develop a set of competencies and services that deliver our customers with insight into the security posture of their information and information systems.

Ian de Villiers is an Associate Security Analyst for SensePost. Coming from a development background, his areas of expertise are in application and web application assessments. Ian has spent considerable time researching application frameworks, and has published a number of advisories relating to portal platforms. He has also provided training on web application security at prestigious events such as the Black Hat briefings in the USA and spoken at security conferences on this topic.