HBN Reloaded : Web Application Bootcamp

There’s a web application for most parts of our Internet lives and, to a degree, our daily lives. With this large surface area, there’s no doubt that they are often the entry point for most breaches. If you look at some of the biggest hacks in the last 18 months, the compromises can be largely attributed to flaws in web applications.

This course sets the scene for you to start at the beginning with the basics and go all the way to learning how to exploit the more advanced techniques. The course focuses on the fundamentals rather than specific tools and introduces you to our hacking methodology, refined over thousands of assessments conducted over the last 14 years.

This two-day course has enough theory to ensure you understand what you are trying to achieve, but with a heavy focus on practical exercises. Students should expect lots of hands-on hacking with some of the finest hackers in the industry!

Course Topics

The fundamentals – setting the foundation. Testing basics, tools of the trade, HTTP and related technology introduction.

Know your enemy – reconnaissance, enumeration and landscape discovery.

Breaking bad – the application series:

  • SQL Injection on various platforms – how to really pwn databases.
  • XML and XML Entity Injection.
  • XPath and LDAP Injection.
  • Cross-Site Scripting (Reflective, Persistent and DOM-based) – this is not the pop-up you are interested in.
  • Attacking Web Services (XML, JSON).
  • Client-side technologies such as Flash, Silverlight and ActiveX.

Student Requirements

Students need to ensure they have the necessary level of skill. No hacking experience is required for this course, but a solid technical grounding is an absolute must. This includes basic Linux operating system knowledge, a basic understanding of web applications and networking fundamentals.

Who Should Take This Course

This course is ideally suited to those wishing to learn how to test web applications for vulnerabilities, and to experienced infrastructure pentesters who want to expand their skill set into web applications. This course is about tearing apart applications and understanding how attackers are breaching corporate deployments.

Pricing, Location and Availability

This is a two-day course that can be presented at your premises (in-house) or at local training centres. Prices are available on request.