Basic Web Hacking
NotSoSecure | July 22-23 & July 24-25
This course familiarises the attendees with a wealth of tools and techniques needed to breach the security of web applications. The course starts from the very basic and gradually build up to the level where attendees can not only use the tools and techniques to hack various components involved in web application hacking, but also walk away with a solid understanding of the concepts on which these tools work. The course also covers the industry standards such as OWASP Top 10, PCI DSS and contain numerous real life examples to help the attendees understand the true impact of these vulnerabilities. This course is constantly updated on a regular basis to ensure that the latest exploits and vulnerabilities are available within the hacklab and taught in this course.
During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our data centre in UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab. The following the course outline:
- Understanding HTTP protocol
- Identifying the attack surface
- Username Enumeration
- Information Disclosure
- Issues with SSL/TLS
- Cross Site Scripting
- Cross-Site Request Forgery
- SQL Injection
- XXE attacks
- OS Code Injection
- Cryptographic weakness
- Business Logic Flaws
- Insecure File Uploads
Who Should Take this Course
System Administrators, web developers, SOC analysts, entry level/intermediate level penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to next level
The only requirement for this class is that you must bring your own laptop and have admin/root access on it. During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our datacenter in UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab. So, you don't need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go!
Also, note that we will use an Ethernet/wired network for this class. If your laptop does not have that, please carry the right adaptor to ensure you can connect to the wired network.
What Students Should Bring
same as above
What Students Will Be Provided With
Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student hand-outs.
Sunil Yadav is an information security professional having over 7+ years of experience in application security, mobile security and source code review. Consulting experience with large organizations across different sectors assessing network, system and application security. Conducted national and international trainings and seminars on web application security, threat modelling, mobile security and secure coding. Won credits and accolades from organizations like Microsoft, LinkedIn, Yahoo, Nokia, PayPal and Oracle for identifying and reporting security vulnerabilities in their products.
Rohit Salecha is an information security professional with 6+ years of experience in Web/Mobile Applications and Infrastructure Security. He has also delivered training in Secure Coding Practices in JEE. Over the years, Rohit has trained many web developers and security engineers and help them getting better in writing secure code as well as to evaluate the security of their applications.