Description
WebSecNinja: Lesser Known WebAttacks is a brand new and unique web security course that takes the learner to the next level of web security.
- Are you interested in exploring some of the exotic domains of web application security?
- Want to learn about the latest attack vectors in web security like Same Origin Method Execution (SOME) and Reflected File Download (RFD)?
- Master the lesser known variants of XSS like Relative Path Overwrite XSS (rPO XSS) and Mutation XSS (mXSS)?
This course is for you!
A perfect blend of the latest and lesser known web attacks, explained in full detail and accompanied by demos and “how tos” that you can apply in real-world red-team pentesting and security assessments. The course curriculum is designed to include web attacks and techniques that are not well documented in books, trainings, courses and elsewhere. This course doesn’t have a fixed agenda, so that it can accommodate the latest attacks as and when they are discovered or published at conferences like BlackHat, DEFCON etc. Some of the attacks and vulnerabilities explained in the course include Same Origin Method Execution (SOME) or Reverse Clickjacking, Reflected File Download (RFD), lesser known techniques of Remote Command Execution (RCE) like detecting & exploiting blind RCE and bypassing weak RCE filters/WAF, Mutation XSS (mXSS), Relative Path Overwrite XSS (rPO XSS), Server Side Includes (SSI), abusing the window.opener property, JSON Hijacking, Server Side Request Forgery (SSRF) etc.
This course is best suited for web security architects, students, web developers, front-end JavaScript developers, security engineers, and security consultants. The contents of the course are well structured to satisfy all kinds of audience, from beginner to advanced level of competence. Most courses elsewhere focus on the OWASP Top 10 web vulnerabilities, and there exist many attacks and vulnerabilities that are not documented or categorized in the OWASP Top 10 web vulnerabilities list. This course tries to cover such attacks and techniques and helps you become the Jedi Master of Web Security.
What are the requirements?
- Basic idea of how web applications work.
- Knowledge of server side programming and client side JavaScript is an added benefit but not a must have requirement.
- Basic understanding of encoding, escaping and encryption.
What am I going to get from this course?
- Over 21 lectures and 2 hours of content!
- Learn some of the lesser known WebAttacks
- Take your web application security skills to the next level.
- Learn how to identify these vulnerabilities in real world Web Applications.
What is the target audience?
- If you want to explore the exotic attacks and vulnerabilities in Web Security.
- Want to learn about some of the lesser known and latest web attacks.
- This course is not for those who do not have any basics of web security.
- This course is suitable for security enthusiasts, web developers, security analysts and those interested to explore the depth of web security.
OpSecX Course Certificate
Upon successful completion of the course, you will be given a Certificate of Appreciation and the certificate can be verified from OpSecX online.
Curriculum
Section 1: Introduction to the Course
1. Introduction
Section 2: RCE Attacks and Techniques
2. Remote Command or OS Command Injection Basics
3. Blind RCE Injection
4. RCE Techniques and Cheat Sheet
5. Bypassing RCE Filter
Section 3: JSON Hijacking
6. JSON Hijacking Basics
7. JSON Hijacking Demo
Section 4: Lesser Known XSS Variants
8. mXSS or mutation XSS
9. rPO XSS or Relative Path Overwrite XSS
Section 5: Server Side Includes Injection (SSI Injection)
10. Server Side Includes Injection Basics
11. Server Side Includes Injection Demo
Section 6: Server Side Request Forgery (SSRF)
12. Server Side Request Forgery Basics
13. Exploiting an SSRF Vulnerability
Section 7: Reflected File Download (RFD)
14. Reflected File Download (RFD) Theory
15. RFD Attack Explained
Section 8: Abusing Window.Opener Property
16. Abusing JavaScript’s window.opener property Theory
17. Phishing demo by abusing window.opener property
Section 9: Same Origin Method Execution (SOME)
18. Same Origin Method Execution Introduction
19. Same Origin Policy (SOP)
20. SOME Attack with Flash Callback explained
21. SOME Attack with Flash Callback Demo