Web Application Hacking

מק"ט: #4027 | משך קורס: 32 שעות אק'

This course is a practical guide to discovering and exploiting security flaws in web applications. By “web applications” we mean those that are accessed using a web browser to communicate with a web server. We examine a wide variety of different technologies, such as databases, file systems, and web services, but only in the context in which these are employed by web applications.

The focus of this course is highly practical. Although we include sufficient background and theory for you to understand the vulnerabilities that web applications contain, our primary concern is the tasks and techniques that you need to master to break into them. Throughout the course, we spell out the specific steps you need to follow to detect each type of vulnerability, and how to exploit it to perform unauthorized actions.

לפרטים נוספים, מלא את פרטיך או התקשר 03-7100673
*שדות חובה


  • Improve your understanding of web vulnerabilities and security
  • Improve your understanding of web technologies
  • Map web applications
  • Learn how to attack Authentication and Session
  • Learn how to attack data-stores
  • Learn how to attack users (XSS)
  • Learn how to attack Access Controls
  • Learn how to attacking Back-End Components and Application Logic

קהל יעד

  • Web developers, QA teams
  • Security teams, Penetration testers

תנאי קדם

  • Familiarity with web technologies
  • Linux shell
  • Developing, Networking or IT background


#1: Web Application (In) security

  • The Evolution of Web Applications
  • The Evolution of Web Attacks
  • The Evolution of Security Controls


#2: Meet the Web-stack

  • Server OS platforms
  • Web servers (apache, nginx, Light-httpd, IIS etc.)
  • Server-side application frameworks and programing languages
  • Data-stores; Relational (SQL) and non-relational (noSQL)
  • Client-side technologies (Browsers, HTML, CSS, javascript etc.)


#3: Mapping the Application

  • Web spidering (automated and user directed)
  • Discovering Hidden Content
  • Application Pages Versus Functional Paths
  • Discovering Hidden Parameters
  • Identifying Entry Points for User Input
  • Identifying Server-Side Technologies and Functionality
  • Mapping the Attack Surface
  • Transmitting Data Via the Client
  • Capturing User Data: HTML Forms
  • Capturing User Data: Browser Extensions


#4: Authentication and Session Attacks

  • Authentication Technologies
  • Design Flaws in Authentication Mechanisms
  • Implementation Flaws in Authentication
  • Securing Authentication
  • The Need for State
  • Weaknesses in Token Generation
  • Weaknesses in Session Token Handling
  • Securing Session Management


#5: Attacking Data Stores

  • Exploiting a Basic Vulnerability
  • Injecting into Different Statement Types
  • Finding SQL Injection Bugs
  • Fingerprinting the Database
  • Extracting Data with UNION
  • Bypassing Filters
  • Second-Order SQL Injection
  • Advanced Exploitation
  • Beyond SQL Injection: Escalating the Database Attack
  • Using SQL Exploitation Tools
  • SQL Syntax and Error Reference
  • Preventing SQL Injection


#6: Attacking Users: Cross-Site Scripting

  • Varieties of XSS
  • Real-World XSS Attacks
  • Payloads for XSS Attacks
  • Delivery Mechanisms for XSS Attacks
  • Finding and Exploiting XSS Vulnerabilities
  • Preventing Reflected and Stored XSS


#7: Attacking Access Controls

  • Completely Unprotected Functionality
  • Identifier-Based Functions
  • Multistage Functions
  • Static Files
  • Platform Misconfiguration
  • Insecure Access Control Methods


#8: Attacking Back-End Components and Application Logic

  • Injecting OS Commands
  • Manipulating File Paths
  • The Nature of Logic Flaws
  • Real-World Logic Flaws
  • Avoiding Logic Flaws