DATE: 25 & 26 May 2021
TIME: 09:00 to 17:00 CEST/GMT+2
|25 May||Tuesday||0900-17:00 CEST/GMT+2||8 Hours|
|26 May||Wednesday||0900-17:00 CEST/GMT+2||8 Hours|
(Course timing not suitable? Let us know!)
Includes in-training access to your own individual lab, post-training support, AND credentials to SensePost’s web class portal containing slides, walkthroughs and tools!
This course will teach you how to analyse web applications for vulnerabilities and exploit them. Whether you’re a developer looking to better understand how to defend your applications or a penetration tester looking to enhance your web application bug hunting, this course is for you.
SensePost has been conducting penetration tests against web applications for nearly two decades and has distilled its approach into this course. SensePost is the specialist pen testing arm of Orange Cyberdefense.
The training will provide a thorough and scientific approach along with techniques to maximise coverage of an application. It is in a highly practical format, with over 20 different practical exercises. You’ll learn how to hand exploit numerous common web vulnerabilities, and understand the theory behind them. You will be better able to help developers prevent these classes of attacks in their applications. We aim to teach you the trade not just the tricks, and while tools are covered and help, you will be taught how to exploit many of these vulnerabilities by hand.
Students will be provided with:
- Access to our web class portal containing slides, practicals, walkthroughs, tools and prerequisites. This is accessible after the training.
- Access to your own individual lab with numerous targets and capabilities, used for the practicals.
Key Learning Objectives
- A general approach and methodology for hacking web applications
- A good understanding of the tools and techniques for examining web applications Practical and practiced skills (there are a lot of pracs in this course)
Who Should Attend
Defenders, developers or administrators looking to learn how to test web applications for vulnerabilities and penetration testers with limited web application experience looking to expand their skill set in this area.
This course stems out of years of experience and is taught by active penetration testers. You’ll have a bunch of fun while having your hands glue to the keyboards with all the practical exercises.
- Hacking experience isn’t a requirement for this course.
- However, a technical understanding of how web applications work is required.
- Development experience isn’t a requirement but can help.
Fundamentals of programming:
While not a strict requirement, students will benefit from having an understanding of the following topics before attending the course:
Programming in the following languages:-
Hardware / Software Requirements
- Computer with access to the Internet.
- Firefox browser.
• Introduction to Web Technologies.
• Cookies and Session Management.
• Introduction to Web Vulnerabilities.
• Client and Server Side Attacks.
• Indirect Object References.
• Path traversal.
• Insecure file upload and file inclusion.
• XSS/CSRF, DOM Injections and Cache Attacks.
• SQL Injection.
• Java Deserialisation.
• APIs, Microservices and Widgets.
• WebAssembly Vulnerabilities.
Join us and hack the webs!