Advanced web hacking training icon

Advanced web hacking training

Our 3 day advanced web hacking training class

This fast-paced web hacking training class gives attendees an insight into advanced web hacking. The team has built a state-of-the-art hacklab and recreated security vulnerabilities based on real-life penetration tests and real bug bounties seen in the wild.

The AWH course has been excellent with 100% positive feedback. We've appreciated ourselves how much work must have gone into the labs, they are very strong and reflect the real world, so we've been thrilled. The trainers are great, very knowledgable and engaging.

Delegate, Black Hat USA 2016

Really liked the training. Advanced stuff covered a lot of not so easy to find scenarios. Hats off on the efforts in building the practice labs

Delegate, Black Hat USA 2016

  • Overview
  • Details
  • Pre-requisites & Audience
  • Brochure Download

Much like the advanced infrastructure hacking training class, this class talks about a wealth of hacking techniques to compromise web applications, APIs and associated end-points. This class focuses on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known. Attendees can also benefit from a state-of-art Hacklab and we can provide 30 days lab access after the class, to allow attendees more practice time.

Learning Objectives:

  • Modern JWT, SAML, oauth bugs
  • Business logic and crypto flaws
  • RCE via Java Serialisation, Object, OGNL and template injection
  • Exploitation over DNS channels
  • Advanced SSRF, HPP, XXE and SQLi topics
  • Attack chaining and real life examples

This fast-paced class gives attendees an insight into advanced web hacking. The team has built a state of the art hacklab and recreated security vulnerabilities based on real-life Penetration Tests and real bug bounties seen in the wild.

Authentication Bypass

Token Hijacking attacks Logical Bypass / Boundary Conditions

SAML / OAUTH 2.0 / AUTH-0 / JWT attacks

JWT Token Brute-Force attacks SAML Authentication and Authorization Bypass XXE through SAML Advanced XXE Exploitation over OOB channels

Password reset attacks

Cookie Swap Host Header Validation Bypass Case study of popular password reset fails.

Breaking Crypto

Known Plaintext Attack (Faulty Password Reset) Path Traversal using Padding Oracle Hash length extension attacks

SQL Injection

2nd order injection Out-of-Band exploitation SQLi through crypto OS code exec via powershell Advanced topics in SQli.

Remote Code Execution (RCE)

Java Serialisation Attack Node.js RCE PHP object injection Ruby/ERB template injection Exploiting code injection over OOB channel

Business logic flaws / Authorization flaws

Mass Assignment Invite/Promo Code Bypass Replay Attack API Authorisation Bypass

Server Side Request Forgery (SSRF)

SSL / TLS Bugs Deserialisation Bugs

Unrestricted upload

Malicious File Extensions Circumventing File validation checks

Miscellaneous topics

HTTP Parameter Pollution (HPP) XXE in file parsing A Collection of weird and wonderful XSS and CSRF attacks.

Attack chaining

Combining Client-side and or Server-side attacks to steal internal secrets

Audience

Whoever works with or against the security of modern web applications will enjoy and benefit from this class.

This is not a beginner class and attendees are expected to have a good prior understanding of the OWASP top 10 issues to gain maximum value from the class. Further to this, the class does not cover all AppSec topics and focuses only on advanced identification and exploitation techniques of the vulnerabilities discussed.

Download

Download brochure

Other courses to further your knowledge

Lab-based training - written by Black Hat trainers.

These classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure or web applications as a day job and wish to add to their existing skill set.

Book your training

Our accreditations

Crest
Check
Cyber essentials
ISO 27001
CEH Accreditation
CCISO Accreditation
CISSP Accreditation
CRISC Accreditation
OSCE Accreditation
OSCP Accreditation