Basic Web Hacking

NotSoSecure | August 4-5 & August 6-7


This course familiarizes attendees with a wealth of tools and techniques needed to breach the security of web applications. The course starts from the very basics and gradually builds up to the level where attendees can not only use the tools and techniques to hack the various components involved in web application hacking, but also walk away with a solid understanding of the concepts on which these tools work. The course also covers industry standards such as the OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help attendees understand the true impact of these vulnerabilities. The course is updated regularly to ensure that the latest exploits and vulnerabilities are available within the Hacklab and taught in this course.

The following is the course outline:

Day 1:
  • Understanding the HTTP protocol
  • Identifying the attack surface
  • Information gathering
  • Authentication Flaws
  • Online/Offline brute-force attacks
  • Cryptographic Flaws
  • Issues with SSL/TLS
  • Authorization Bypass

Day 2:
  • Insecure Direct Object Reference
  • Cross Site Scripting (XSS)
  • Reflective and Persistent XSS
  • Cross Site Request Forgery (CSRF)
  • SQL Injection (SQLi)
  • Tools and Techniques for exploiting SQLi
  • XML External Entity (XXE) Attacks
  • Insecure File Uploads

Who Should Take this Course

System administrators, web developers, SOC analysts, entry-level and intermediate penetration testers, network engineers, security enthusiasts, and anyone who wants to take their skills to the next level.

Student Requirements

Students must bring their own laptop and have admin/root access on it. The laptop should have at least 4 GB of RAM and 20 GB of free disk space, and a working copy of the latest Kali Linux. Kali should be run inside a virtual machine (e.g. VMware Workstation/Fusion/Player or VirtualBox).

What Students Should Bring

See Student Requirements above.

What Students Will Be Provided With

Access to a hacking lab, not just during the course but for 30 days after the class as well. This gives students plenty of time to practice the concepts taught in class. Numerous scripts and tools will also be provided during the training, along with student handouts.


Rohit Salecha is a senior information security professional with 8+ years of experience in web/mobile application and infrastructure security. He has also delivered training in Secure Coding Practices in JEE. Over the years, Rohit has trained many web developers and security engineers and helped them get better at writing secure code and at evaluating the security of their applications. Rohit was also a trainer at Black Hat USA 2017.