Extreme Web Hacking is a brand new class designed with one goal in mind – achieving mastery over web application penetration testing. We begin where other web hacking classes leave off. We are here to take your web hacking skills to the next level by putting you through challenging real-world application scenarios.
Extreme Web Hacking is all about working your way through problems and challenges faced in the real world. The class is centered around a set of applications with progressively increasing degrees of complexity found in today's real-world scenarios.
The class is taught by expert penetration testers with vast experience from testing hundreds of complex applications. It features an intermediate to advanced level of complexity, so that participants become experts in web hacking.
- 1. Introduction – A deeper look at HTTP
- 2. Advanced Input Tampering
- 3. Practical challenges with SQL Injection
  – Sub-queries, Nested injection, Blind injection, Filter evasion, Data exfiltration, Host OS access
- 4. Privilege Escalation
- 5. Understanding Browser anomalies
- 6. Advanced XSS payloads
  – DOM Exfiltration, XSS Filter Bypass
- 7. Advanced Payload Encoding Tricks
- 8. WAF evasion and bypass
- 9. Server side attacks
  – Practical LFI, RFI, XPATH injection, File upload bypasses, Web Services
- 10. Fun with HTTP
  – HTTP Parameter Pollution, Multipart-MIME inputs
- 11. Client side attacks
  – CSRF, Clickjacking, open URL redirection
- 12. Attacking rich client interfaces
  – AJAX, Flash, Websockets, HTML5 local storage
- Customizing, scripting and chaining tools such as Burp Suite, sqlmap and OWASP ZAP.