WebSecNinja: Lesser Known WebAttacks is a brand new and unique web security course that takes the learner to the next level of web security. A perfect blend of latest and lesser known web attacks that are explained with ultimate details and accompanied by demos and "how tos" that you can apply in real world red-team pentesting and security assessments. The course curriculum is designed to include web attacks and techniques that are not much documented in books, trainings, courses and elsewhere. The course doesn't have a fixed agenda and the purpose of that is to accommodate latest attacks as and when they are discovered or published on various conferences like BlackHat, DEFCON etc. This course is best suited for web security architects, students, web developers, front-end javascript developers, security engineers, and security consultants. The contents of the course are well structured to satisfy all kind of audience from beginner to advanced level of competence.

Node.js® is a platform built on Chrome’s JavaScript runtime for easily building fast, scalable network applications. This new technology is widely getting adopted in various organisations. Like any platform, Node.js has it’s on set of features that developers blindly use without much thought on security. The heart of Node is JavaScript, so it inherits most of the issues that are found at client side JavaScript. However on the server side, it executes on V8 JavaScript engine which gives node the capabilities similar to that of any other server side scripting languages. That difference adds some unique attack surface to Node.js platform. Node.js Security: Pentesting & Exploitation course is one it’s kind to teach about Node.js Security.

Cross Site Scripting or XSS is still one of the most common injection vulnerability that exist in modern as well as legacy Web Applications. This course will teach XSS in-depth and even talk about the lesser known derivatives of XSS called Mutation XSS (mXSS) and Relative Path Overwrite XSS (RPO XSS). If you are interested in learning about the different types of XSS, different context in XSS, and about real world red team XSS Exploitation, then this course is for you and it does not take hours. Invest just 2 hours and master XSS in-depth.

Cross Site Scripting right from its days of inception has always been one of the most popular client side vulnerabilities. With the recent increase in usage of JavaScript Model-View-Controller Frameworks (like AngularJS, BackboneJS etc..) for building single page web applications, the search for XSS is more challenging but rewarding if done carefully. The main objective of this course is to bring students up to speed with various security aspects of testing these interfaces developed using multitude of JS-MVC ideology. This course is in no way related to finding bypasses in the core frameworks, but more related to finding vulnerabilities in the applications developed by improper usage of these otherwise perfect frameworks. This is a deep dive course where the students will be walked through the basic architecture of these frameworks and their inbuilt protection mechanisms. Knowledge of building userscripts for dynamic hooking of different templating engines to fuzz for XSS vulnerabilities is practiced over real world applications.