Special Notices

We recommend that all delegates are familiar with the principles of TCP/IP networking and have a working knowledge of Windows operating systems. It is essential that delegates have good practical ‘hands-on’ experience of the Linux command line and Linux utilities. We recommend our Understanding Linux (Linux Primer) QALXPR-1 course.

Overview

NotSoSecure is pleased to launch their much-awaited Advanced Web Hacking course. Much like the Advanced Infrastructure Hacking class, this course covers a wealth of hacking techniques to compromise web applications, APIs and associated end-points. This three-day course will focus on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server-side flaws).

The course allows attendees to practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the course either typically go undetected by modern scanners or rely on exploitation techniques that are not so well known.

Attendees can also benefit from a state-of-the-art Hacklab, and we will be providing 30 days lab access after the course to allow attendees more practice time. This fast-paced course gives attendees an insight into Advanced Web Hacking. The NotSoSecure team has built a state-of-the-art Hacklab and recreated security vulnerabilities based on real-life pen tests and real bug bounties seen in the wild.

Prerequisites

Whoever works with or against the security of modern web applications will enjoy and benefit from this course. This is not a beginner class and attendees are expected to have a good prior understanding of the OWASP Top 10 issues to gain maximum value from the class. Further to this, the course does not cover all AppSec topics and focuses only on advanced identification and exploitation techniques of the vulnerabilities shown on the right.

This course will be suitable for delegates interested in the SANS Institute course SEC542: Web App Penetration Testing and Ethical Hacking.

Learning Outcomes

  • Authentication bypass
  • SAML / OAuth 2.0 / Auth-0 / JWT attacks
  • Password reset attacks
  • Breaking crypto
  • Business logic flaws / authorization flaws
  • SQL injection
  • Remote code execution (RCE)
  • Server-side request forgery (SSRF)
  • Unrestricted file upload
  • Attack chaining

Course Outline

AUTHENTICATION BYPASS

  • Token Hijacking attacks
  • SQL column truncation attack
  • Logical Bypass / Boundary Conditions

SAML / OAUTH 2.0 / AUTH-0 / JWT ATTACKS

  • JWT Token Brute-Force attacks
  • SAML Authentication and Authorization Bypass
  • XXE through SAML
  • Advanced XXE Exploitation over OOB channels

PASSWORD RESET ATTACKS

  • Cookie Swap
  • Host Header Validation Bypass
  • Case study of popular password reset fails.

BREAKING CRYPTO

  • Known Plaintext Attack (Faulty Password Reset)
  • Path Traversal using Padding Oracle
  • Hash length extension attacks

BUSINESS LOGIC FLAWS / AUTHORIZATION FLAWS

  • Mass Assignment
  • Invite/Promo Code Bypass
  • Replay Attack

SQL INJECTION

  • 2nd order injection
  • Out-of-Band exploitation
  • SQLi through crypto
  • NoSQL Injection
  • OS code exec via PowerShell
  • Advanced topics in SQLi

REMOTE CODE EXECUTION (RCE)

  • Java Serialisation Attack
  • Node.js RCE
  • PHP object injection
  • RCE through XXE (with blind XXE)
  • RCE through XSLT
  • Rails’ Remote Code Execution
  • Ruby/ERB template injection
  • Exploiting code injection over OOB channel

SERVER SIDE REQUEST FORGERY (SSRF)

  • SSRF to query internal network
  • SSRF to code exec

UNRESTRICTED FILE UPLOAD

  • Malicious File Extensions
  • Circumventing File validation checks
  • Web shells for modern platforms

MISCELLANEOUS TOPICS

  • HTTP Parameter Pollution (HPP)
  • XXE in file parsing
  • A Collection of weird and wonderful XSS and CSRF attacks

ATTACK CHAINING

  • Combining Client-side and Server-side attacks to steal internal secrets
  • B33r 101
