Web hacking training icon

Web hacking training

A 2 day web hacking training class that provides an entry level into Web Application Security. It is ideal if you want to learn ethical hacking and penetration testing with a focus on web applications.

One of our intermediate level web hacking courses. When combined with our Infrastructure Hacking course, it forms the Art of Hacking module. It lets you step into the world of ethical hacking and penetration testing with a focus on web applications.

Very organised and clearly presented. Great having hands-on experience with individuals ready to assist when help is needed

Delegate, Black Hat USA 2016

One of the best classes I have taken in a long time. The contest was on-point and kept me engaged. I am new to Cybersecurity after 25 years in App Development and am very pleased with what I have learned

Delegate, Black Hat USA 2016

Really enjoyed the lab and the walkthroughs, it helped expedite the learning process.

Delegate, Black Hat USA 2016

  • Overview
  • Details
  • Pre-requisites & Audience
  • Brochure Download

This is an entry-level web application security-testing class and is a recommended pre-requisite for our Advanced Web Hacking class. The class familiarises you with the basics of web and application hacking, using a number of tools and techniques that will be taught during the 2 day class. If you would like to step into the world of ethical hacking and pen testing with a focus on web applications, then this is the right class for you.

Learning objectives

  • An introduction into web application hacking
  • Practical in focus, it teaches how web application security flaws are discovered
  • It covers leading industry standards and approaches
  • Builds the foundation to progress your knowledge and move into more advanced Web Application topics

The class familiarises attendees with a wealth of hacking tools and techniques, starting from the very basic and gradually building up to the level where attendees not only use the tools and techniques to hack various components involved in web hacking, but also walk away with a solid understanding of the concepts on which these tools work.

Day 1

Information Gathering, Profiling and Cross-Site Scripting:

  • Understanding HTTP Protocol
  • Identifying the Attack Surface
  • Username Enumeration
  • Information Disclosure
  • Issues with SSL/TLS
  • Cross-Site Scripting
  • Cross-Site Request Forgery

Day 2

Injection, Flaws, Files and Hacks:

  • SQL Injection
  • XXE Attacks
  • OS Code Injection
  • Local/Remote File Include
  • Cryptographic Weakness
  • Business Logic Flaws
  • Insecure File Uploads

Audience

System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Student requirements

Students should bring their own laptop with a Windows Operating System installed (either natively or running in a VM). Further, students must have administrative access to perform tasks such as installing software, disabling antivirus etc. Devices that don’t have an Ethernet connection (e.g. MacBook Air, tablets etc.) are not supported.

Download

Download brochure

Other courses to further your knowledge

Lab-based training - written by Black Hat trainers.

These classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure or web applications as a day job and wish to add to their existing skill set.

Book your training

Our accreditations

Crest
Check
Cyber essentials
ISO 27001
CEH Accreditation
CCISO Accreditation
CISSP Accreditation
CRISC Accreditation
OSCE Accreditation
OSCP Accreditation