Extreme Web Hacking
Extreme Web Hacking is a brand new class designed with one goal in mind – achieving mastery over a web application penetration testing. We begin where other web hacking classes leave off. We are here to take your web hacking skills to the next level by putting you through challenging real-world application scenarios. Extreme Web Hacking is all about working your way through the problems and challenges faced in the real world. The class is centered around a set of applications with progressively increasing degrees of complexity found in today's real-world scenarios. The class is taught by instructors who are expert penetration testers having vast experience from testing hundreds of complex applications. The class features an intermediate to advanced level of complexity so that the participants become an expert in web hacking.
Course outline
- Introduction – A deeper look at HTTP
- Advanced Input Tampering
- Practical challenges with SQL Injection
- Sub-queries, Nested injection, Blind injection, Filter evasion Data exfiltration, Host OS access,
- Privilege Escalation
- Understanding Browser anomalies
- Advanced XSS payloads
- DOM Exfiltration, XSS Filter Bypass
- Advanced Payload Encoding Tricks
- WAF evasion and bypass
- Server side attacks
- practical LFI, RFI, XPATH injection,File upload bypasses, Web Services,REST attacks
- Fun with HTTP
- HTTP Parameter Pollution, Multipart-MIME inputs, abusing redirects
- Client side attacks
- CSRF, Clickjacking, open URL redirection, session fixation.
- Attacking rich client interfaces
- AJAX, Flash, Websockets, HTML5 local storage Customizing, scripting and chaining tools such as BURP SQLmap, and OWASP ZAP.