Advanced Web Attacks and Exploitation

Offensive Security | August 2-5

On This Page


The days of porous network perimeters are fading fast as services become more resilient and harder to exploit. In order to penetrate today's modern networks, a new approach is required. In order to gain that initial critical foothold in a network, penetration testers must be fluent in the art of exploiting front-facing web applications. Offensive Security's Advanced Web Attacks and Exploitation course will take you far beyond the simple basics of SQL injection and bring you deep into the realm of web application penetration testing.

From mind-bending XSS attacks, to exploiting CSRF vulnerabilities, to advanced SQL injection attacks, Advanced Web Attacks and Exploitation will broaden your knowledge of web application hacking and help you identify and circumvent various protection mechanisms in use on the web today.

This intensive, hands-on course will take your skills beyond run-of-the-mill SQL injection or mediocre file inclusion attacks and propel you into a world of brain-melting SQL queries, mind-blowing XSS and remote code execution attacks, and more - leaving you gasping in disbelief.

TOPICS COVEREDŸAdvanced XSS attacks and exotic payloadsŸLeveraging CSRF attacks to achieve remote code executionŸAdvanced SQL injection attacksŸCompound attacks making use of multiple vulnerabilitiesŸBypassing character restrictions in payloadsŸRemote command execution attacksŸAdvanced file inclusion attacks, and moreŸReal world attacks on widely deployed network infrastructure applications

This course includes complex hands-on labs throughout the training. All students will be provided with pre-configured VMware images which include only real world web vulnerabilities taken from network infrastructure and security applications. These vulnerable web applications are analyzed and exploited for the duration of the course.

Who Should Take This Course

Advanced Web Attacks and Exploitation is NOT an entry level course. The pace of learning is fast and furious - students are expected to have a solid understanding of how to perform basic web application attacks, at a minimum. This class is aimed at penetration testers and security auditors who need to take their web application penetration testing skills to a new level.

Student Requirements

It is assumed that the student already has a medium understanding of the underlying protocols and technologies involved in testing web applications such as the HTTP protocol, SSL communications, and the usage of various browser plugins and proxies. A basic familiarity with web based programming languages such as php, javascript and mysql will also prove helpful.

What Students Should Bring

Students are required to bring their own laptops with:Ÿ 64bit Host operating systemŸ A minimum 4 GB RAM installedŸ VMware Workstation / Fusion installedŸ At least 60 GB HD freeŸ Wired Network SupportŸ USB 2.0 support or better

What Students Will Be Provided With

Students will be provided virtual machines for use in the class.


Mati Aharoni is the lead Kali Linux Developer, and founder of Offensive Security. With over 10 years of experience as a professional penetration tester, Mati has uncovered several major security flaws and is actively involved in the offensive security arena.