The Web Application Hacker's Handbook - Live Edition
Next course location
Black Hat USA, Las Vegas, 30 July - 2 August, 2011.
Register here.
We can also deliver training privately for your pen-testing or web development
team. For more details, please contact us.
Course overview
The Web Application Hacker's Handbook is the deepest and most comprehensive
general-purpose guide to hacking web applications currently available. This
course is a practical opportunity to take the skills and theory taught in the
book to the next level, experimenting with all of the tools and techniques
against numerous vulnerable web applications and labs, under the guidance of
the book's authors. The course also includes new material from the forthcoming
second edition of WAHH, bringing the book right up to date with the latest
attacks.
Course syllabus
The course follows the contents of WAHH, with a
strong focus on practical techniques:
- Overview of web application security (chapters 1-3)
- Mapping the application and its attack surface (chapter 4)
- Bypassing client-side controls (chapter 5)
- Attacking core security mechanisms: authentication, session handling,
access controls (chapters 6-8)
- Using automation to enhance manual testing (chapter 13)
- Injecting code and other input-based attacks (chapters 9-10)
- Attacking application logic (chapter 11)
- Attacking other users (chapter 12)
We will cover a huge range of attacks and techniques, including:
- Injection into SQL, XML, LDAP, XPath, SOAP and other back-end contexts
- The nuances of SQL injection against Oracle, MySQL and MSSQL
- Finding and exploiting subtle flaws in authentication mechanisms
- Exploiting seemingly "low risk" issues to achieve full application compromise
- Getting the most out of Burp Suite and other tools
- Turning theoretical attacks into practical exploits
- The latest attack techniques, developed in recent months
- And much more ...
The course employs a range of demo applications and lab exercises, containing
hundreds of different examples of web application vulnerabilities.
Teaching methods
- Brief theory delivered in lecture-style with examples
- Interactive demonstrations of key techniques
- Hands-on hacking, supported by the WAHH authors
- Capture the flag contest
See more information and register here.