SensePost: Web Application Hacking [HITB2021AMS Virtual]

Join us for a journey through the web exploitation universe. Get your hands dirty completing one of SensePost’s most practical courses. Understand how to exploit web vulnerabilities through the use of tools and manual exploitation.
Come join us and hack hard!



2 days






DATE: 25 & 26 May 2021

TIME: 09:00 to 17:00 CEST/GMT+2

Date   | Day       | Time                   | Duration
25 May | Tuesday   | 09:00-17:00 CEST/GMT+2 | 8 Hours
26 May | Wednesday | 09:00-17:00 CEST/GMT+2 | 8 Hours


(Course timing not suitable? Let us know!) 

Includes in-training access to your own individual lab, post-training support, AND credentials to SensePost’s web class portal containing slides, walkthroughs and tools!


This course will teach you how to analyse web applications for vulnerabilities and exploit them. Whether you’re a developer looking to better understand how to defend your applications or a penetration tester looking to enhance your web application bug hunting, this course is for you.

SensePost has been conducting penetration tests against web applications for nearly two decades and has distilled its approach into this course. SensePost is the specialist pen testing arm of Orange Cyberdefense.

The training will provide a thorough and scientific approach along with techniques to maximise coverage of an application. It is in a highly practical format, with over 20 different practical exercises. You’ll learn how to hand-exploit numerous common web vulnerabilities and understand the theory behind them. You will be better able to help developers prevent these classes of attacks in their applications. We aim to teach you the trade, not just the tricks, and while tools are covered and help, you will be taught how to exploit many of these vulnerabilities by hand.

Students will be provided with:
  • Access to our web class portal containing slides, practicals, walkthroughs, tools and prerequisites. This is accessible after the training.
  • Access to your own individual lab with numerous targets and capabilities, used for the practicals.


Topics covered:

  • Introduction to Web Technologies
  • Cookies and Session Management
  • Introduction to Web Vulnerabilities
  • Client and Server Side Attacks
  • Indirect Object References
  • Path traversal
  • Insecure file upload and file inclusion
  • XSS/CSRF, DOM Injections and Cache Attacks
  • SQL Injection
  • Java Deserialisation
  • APIs, Microservices and Widgets
  • WebAssembly Vulnerabilities

Join us and hack the webs!


Who Should Attend

Defenders, developers or administrators looking to learn how to test web applications for vulnerabilities, and penetration testers with limited web application experience looking to expand their skill set in this area. This course stems from years of experience and is taught by active penetration testers. You’ll have a bunch of fun while having your hands glued to the keyboard with all the practical exercises.

Key Learning Objectives

  • A general approach and methodology for hacking web applications
  • A good understanding of the tools and techniques for examining web applications
  • Practical and practiced skills (there are a lot of pracs in this course)

Prerequisite Knowledge

  • Hacking experience isn’t a requirement for this course.
  • However, a technical understanding of how web applications work is required.
  • Development experience isn’t a requirement but can help.

Fundamentals of programming:
While not a strict requirement, students will benefit from having an understanding of the following topics before attending the course. Programming in the following languages:
  • HTML
  • JavaScript
  • SQL
  • NoSQL

Hardware / Software Requirements

  • Computer with access to the Internet.
  • Firefox browser.
