Advanced Web Hacking

Virtual Learning: 3,180€ + VAT

REF: NSSAWH Catalogue: Cybersecurity Area: Cybersecurity, Claranet Cyber Security (NotSoSecure)

Duration: 5 days

Next Date: 15 to 19 Sep 2025

Location: Online

Description

Much like our popular Advanced Infrastructure Hacking class, this class talks about a wealth of hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server-side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.

*Retail price per participant. Running the course on the dates shown is subject to a minimum number of enrolments.

Target Audience

  • Web developers
  • SOC analysts
  • Intermediate level penetration testers
  • DevOps engineers, network engineers
  • Security architects
  • Security enthusiasts
  • Anyone who wants to take their skills to the next level

This course is suitable for in-house security teams from intermediate to pro level. It’s also relevant to other security and IT practitioners and managers who want to understand the current threat landscape and defend their organization.

  • Area: Cybersecurity

  • Associated Certification: Advanced Web Hacking

Programme:

INTRODUCTION

  • Lab setup and architecture overview
  • Burp Suite 101

ATTACKING AUTHENTICATION AND SINGLE SIGN ON (SSO)

  • Boundary Condition
  • Exploiting JWT and JWS Implementation
  • SAML Authorization Bypass
  • Case Studies:
    • Bypassing 2-Factor Authentication (2FA)
    • Authentication Bypass using Subdomain Takeover
    • OAuth Misconfiguration Attack

PASSWORD RESET ATTACKS

  • Cookie Swap Attack
  • Host Header Validation Bypass
  • Bypassing IP Based Brute force Protections

BUSINESS LOGIC FLAWS / AUTHORIZATION FLAWS

  • Mass assignment
  • Second Order IDOR
  • HTTP Parameter Pollution (HPP)
  • Identifying and Exploiting Race Conditions in Web Apps

API PENTESTING

  • API Authorization Bypass - REST APIs
  • Exploiting GraphQL APIs

XML EXTERNAL ENTITY (XXE) ATTACK

  • XXE Basics
  • Advanced XXE Exploitation over OOB channels
  • XXE through SAML
  • XXE in File Parsing

BREAKING CRYPTOGRAPHY

  • Known plaintext attack (faulty password reset)
  • Exploiting padding oracles with fixed IVs
  • Hash length extension attacks
  • Auth bypass using .NET machine key

REMOTE CODE EXECUTION (RCE)

  • PHP Deserialization Attack
  • Java Serialisation Attack:
    • Binary
    • XML
    • SerialVersionUID mismatch
  • .Net Serialisation Attack
  • Plex Python Deserialization Attack
  • Leverage Git Misconfiguration to ViewState Deserialization
  • Server Side Template Injection
  • Server-Side Template Injection in YouTrack

SQL INJECTION (SQLi) MASTERCLASS

  • 2nd order injection
  • Out-of-Band exploitation
  • SQLi through cryptography
  • OS code execution via PowerShell
  • Advanced topics in SQLi
  • Advanced SQLMap usage and web application firewall (WAF) bypass

TRICKY FILE UPLOAD

  • Malicious File Extensions
  • Circumventing File validation checks
  • Exploiting hardened web servers
  • SQL injection via File Metadata

SERVER-SIDE REQUEST FORGERY (SSRF)

  • SSRF to query internal network
  • SSRF to exploit templates and extensions
  • SSRF filter bypass techniques: SSRF Filter Bypass via DNS Rebinding

ATTACKING THE CLOUD

  • Serverless exploitation - Google Dorking in the Cloud era
  • Cognito misconfiguration to data exfiltration
  • SSRF to RCE in Legacy AWS Web Applications
  • Case studies:
    • SSRF to Amazon Elastic Compute Cloud (EC2) takeover
    • AWS credentials Leaked (Netflix, TD Bank)

WEB CACHING ATTACKS

  • Web Cache Deception
  • Web Cache Poisoning Attack
  • Web Cache Poisoning in Drupal8

CLIENT-SIDE VULNERABILITIES

  • Exploiting Post Message Bugs
  • Writing your own Burp Plugins to Bypass Integrity Checks
    • Understanding the Limitation
    • Understanding Burp Montoya APIs
    • Writing your Burp Plugin
    • Exploiting the Application
  • HTTP Desync Attack

VARIOUS CASE STUDIES

  • A Collection of weird and wonderful XSS, CSRF, SSRF, RCE attacks

Prerequisites:

Delegates must have the following to make the most of the course:

  • Intermediate knowledge of web application security (at least 2 years’ experience)
  • Common command line syntax competency
  • Experience using virtual labs for pentesting and/or offensive research
  • Basic working knowledge of Burp Suite
