SensePost: Web Application Hacking
2-Day Training | In-person | 22-23 November 2021


This course will teach you how to analyse web applications for vulnerabilities and exploit them. SensePost has been conducting penetration tests against web applications for nearly two decades and has distilled its approach into this course. The course takes a thorough and scientific approach and teaches techniques to maximise coverage of an application. Whether you're a developer looking to better understand how to defend your applications or a penetration tester looking to enhance your web application bug hunting, this course is for you.

INCLUDES IN-TRAINING ACCESS TO YOUR OWN INDIVIDUAL LAB, POST-TRAINING SUPPORT, AND CREDENTIALS TO SENSEPOST’S WEB CLASS PORTAL CONTAINING SLIDES, WALKTHROUGHS AND TOOLS!

Available seats: TBA
Difficulty: Intermediate
US$ 2,299
Attend in-person: at ADNEC Abu Dhabi
Attend online: TBA
Date: 22-23 November 2021
Time: 09:00 to 17:00 GST/GMT+4
To be announced

Students will be provided with:

  • Access to our web class portal containing slides, practicals, walkthroughs, tools and prerequisites. This is accessible during and after the training.
  • Access to your own individual lab with numerous targets and capabilities, used for the practicals. This is accessible during the training course.

Who should attend:

  • Defenders, developers, or administrators looking to learn how to test web applications for vulnerabilities.
  • Penetration testers with limited web application experience looking to expand their skill set in this area.

Hacking experience isn't a requirement for this course. However, a technical understanding of how web applications work is required. Development experience isn't a requirement but can help.

The course is aimed at individuals with beginner to intermediate knowledge of web applications and hacking.

While not a strict requirement, students will benefit from having an understanding of the following topics before attending the course:

  • Fundamentals of programming
  • Programming in the following languages:
    • HTML
    • JavaScript
    • SQL
    • NoSQL

Familiarity with these topics can be obtained from the following links or other resources:

  • https://www.tutorialspoint.com/computer_programming/computer_programming_functions
  • https://www.w3schools.com/html/html_intro.asp
  • https://www.w3schools.com/js/js_intro.asp
  • https://www.w3schools.com/sql/default.asp
  • https://www.guru99.com/mongodb-query-document-using-find.html

  • A general approach and methodology for hacking web applications
  • A good understanding of the tools and techniques for examining web applications
  • Practical and practiced skills (there are a lot of pracs in this course)

No equipment other than a laptop is needed.

TRAINERS

Szymon Ziolkowski
Information Security Analyst, SensePost

Szymon Ziolkowski is an information security analyst at SensePost. Szymon went straight from university into hacking organizations and has been doing so for multiple years. Whenever he presents anything internally, he often takes the opportunity to lobby for an office in Poland; don’t bring this up, as you’ll hear all about the good of Poland. We like him even though he is mostly busy counting his goats.
