Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
403 views

Advanced Web Hacking

- This is an advanced 5-day web hacking class that covers both server-side and client-side flaws. It is available remotely to Check Point customers and partners or on-site for a minimum of 16 people. - The class requires prerequisite knowledge of OWASP top 10 issues and focuses on advanced identification and exploitation techniques rather than beginner topics. - It is split into 3 days covering server-side vulnerabilities like SQL injection and serialization flaws, and 2 days on client-side attacks involving HTML, JavaScript, and browser technologies.

Uploaded by

Spipparis
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
403 views

Advanced Web Hacking

- This is an advanced 5-day web hacking class that covers both server-side and client-side flaws. It is available remotely to Check Point customers and partners or on-site for a minimum of 16 people. - The class requires prerequisite knowledge of OWASP top 10 issues and focuses on advanced identification and exploitation techniques rather than beginner topics. - It is split into 3 days covering server-side vulnerabilities like SQL injection and serialization flaws, and 2 days on client-side attacks involving HTML, JavaScript, and browser technologies.

Uploaded by

Spipparis
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Advanced Web Hacking

5 DAY CLASS ADVANCED TRACK


BLACK BELT EDITION
This curriculum continues the Art of Web Hacking series
This class is available remotely to all Check Point customers and partners. Check Point also offers the * Available remotely to Check Point customers and partners
class on-site. The on-site classes require a minimum of 16 people.

We have brought together the most talented experts to challenge our clients. The team has recreated * Class size up to 16 students on-site
security vulnerabilities based on actual penetration tests and real bug bounties seen in the field. This fast-
* Pre-requisite list is available on request
paced class gives attendees an insight into advanced AppSec topics. The class curriculum is split into two:

 3 days of Server Side Flaws

 2 days of Client Side Flaws


If you work in the security industry of modern web applications, you will
The Art of Hacking
benefit from this class.
Exam
5 Days (Capture the Flag)
1 Day This is not a beginner class. To gain the maximum value from the topics
Exam Prep
Optional: Purchase
CREST
Registered
Teacher
being explored, attendees should have a strong understanding of the
Extra Lab Time
OWASP top 10 issues.
Crest Registered

Infrastructure Web Hacking


Tester Exam
The class does not cover all AppSec topics and focuses only on advanced
Hacking
3 Days
2 Days
identification and exploitation techniques of vulnerabilities.

Server Side Flaws (3 days) Client Side Flaws (2 days)


These vulnerabilities affect well-known software/websites and span across multiple These classes focus on offensive attacks and dangerous parts of HTML, JavaScript, and related technologies, the nasty and
technologies, such as .NET framework to Node.js applications. We selected vulnerabilities that undocumented stuff. There are dozens of new attack techniques straight from the laboratory of horrors of those
typically go undetected by modern scanners, or have less-known exploitation techniques. maintaining the HTML5 Security Cheat Sheet. We will learn how to attack any Web application— either with unknown
legacy features or the half-baked results coming to your browser from the labs of W3C, WHATWG and the ES6 mailing lists.
Whether you want to attack modern web applications or shiny browser extensions and Chrome Packaged Apps, we have
SQL Injection Serialization Flaws
that covered.
2nd order injection PHP object injection
Some knowledge of HTML and JavaScript is required, but rookies and experts will be equally satisfied with the class. HTML
NoSQL injection Java serialization flaws is a living standard, and so is this class.

Out-of-Band exploitation Case study of recent serialization flaws Course material will be provided on-site and via access to a private Github repo so all attendees will receive updated
material even months after the actual training.
WAF bypass techniques HTTP Parameter Pollution (HPP)
Starts with: Moves on to:
XXE Injection Detecting HPP in application Client Side flaws (basics) HTML5 Attacks & Vectors
Blind XXE injection Case study of recent HPP bugs HTTP / Encoding SVG
Character sets XML
Case Study of recent XXE bugs Business Logic Flaws CSRF and detail Mutation XSS / mXSS
Cross Site-Scripting Scriptless Attacks
XXE to Code Execution Mass assignment bugs
DOM clobbering SOP Bypasses In collaboration with
OS code injection Drag&Drop / Copy&Paste Filter Bypasses
DOMXSS Optimizing your payload
Crypto attacks
Legacy Features

You might also like