This is a brand new and unique web security course that takes the learner to the next level of web security. A perfect blend of latest and lesser known web attacks that are explained with ultimate details, accompanied by demos and “how tos” that you can apply in real world red-team pen-testing. The course curriculum is designed to include web attacks and techniques that are not much documented in books, trainings, courses and elsewhere along with the well known OWASP Top 10 web vulnerabilities. To make the course more effective and practical, a live CTF will be organized for the attendees to apply what they have just learned. This course is made in such a way to accommodate latest attacks as and when they are discovered or published on various conferences like BlackHat, DEFCON, OWASP AppSec etc.
This course is best suited for pentesters, web security architects, students, web developers, javascript developers, security engineers, and security consultants. The contents of the course are well structured to satisfy all kinds of audience from beginner to advanced level of competence. This course try to cover such attacks and techniques and helps you to become the Jedi Master of Web Security.
What are the requirements?
- Basic idea of how web applications work.
- Knowledge of client side JavaScript and HTML.
- Basic scripting knowledge in Python is good to have.
- Minimum 2 GB RAM and 20 GB HDD
- Full Virtualization support to run VMWare or VirtualBox
- WiFi/Ethernet support for connectivity.
- Full Administrative access and USB ports enabled.
What are the take aways?
- OpSecX Certificate of Completion
- Course Slides and Cheatsheets
- Vulnerable apps to practise your skills
- Learn about OWASP Top 10 Web vulnerabilities
- Learn about latest and lesser known Web Attacks
- Art of spawning shells with Injection attacks
Course Details
Duration: 3 days
Language: English
Location: As requested and onsite
Trainer: Ajin Abraham
No of Students: 10 – 25
Cost in India: 75000 INR/ Individual
Cost Abroad/Onsite: 2250 USD/ Individual
Course Syllabus
Introduction to the Course
- Basics of Web Application
- Basics of DNS
- Basics of Web Security
- Same Origin Policy and other Browser level controls
- Bypassing SOP
- Terminology: Encoding vs Escaping vs Encryption
- Getting Familiar with HTTP(s) Proxies
- Introduction to Web Fuzzing
Introduction to Web Vulnerabilities and Attacks
- Injection Vulnerabilities and Attacks
- Client Side Attacks vs Server Side Attacks
Fingerprinting the Web Stack
- Web App and Server fingerprinting
- Firewall / WAF fingerprinting
- Content Management System fingerprinting
- DNS/Subdomain enumeration
- Directory/File structure enumeration
Cross Site Scripting (XSS)
- Reflected and Stored Cross Site Scripting
- XSS and Contexts
- DOM XSS
- Identifying DOM XSS in modern JS MVC frameworks.
- mXSS or mutation XSS
- rPO XSS or Relative Path Overwrite XSS
- Advanced XSS Exploitation with Beef and OWASP Xenotix
Cross Site Request Forgery (CSRF)
- Basics of CSRF
- Exploiting CSRF
- CSRF against RESTful Web APIs
SQL Injection (SQLi)
- SQL Injection Basics
- Error based SQLi
- Union based SQLi
- Time based blind SQLi
- Boolean based blind SQLi
- Out of band SQLi
- Automated SQLi exploitation with sqlmap
- Advanced SQLi exploitation for shell access
Remote Command Execution (RCE)
- Remote Command Execution basics
- Testing for RCE
- Bypassing Filters and Firewalls
- RCE Cheatsheet
- Getting shell access
- Reverse Shell Cheatsheet
- Automated Remote Command Execution with commix
Remote Code Injection (RCI)
- Basics of Remote Code Injection
- Testing for Remote Code Injection
- Code Injection in popular languages
- Getting shell access
File Inclusion Vulnerabilities
- Directory Traversal
- Exploiting Local File Inclusion
- Exploiting Remote File Inclusion
LDAP Injection
- LDAP Basics
- Exploiting LDAP Injection
- Blind LDAP Injection
Server Side Includes (SSI) & Server Side Template injection (SSTI)
- Server Side Includes basics
- Server Side Includes Exploitation
- Basics of Server Side Templating
- Server Side Template Injection Basics
- Exploiting Server Side Template injection for shell access
Mass Assignment problem in Web Apps
- Mass Assignment in PHP
- Exploiting Mass Assignment in Ruby
- Mass Assignment in Node.js
Insecure Direct Object Reference (IDOR)
- Understanding IDOR
- IDOR Classification
- Automated IDOR Detection with Burp
XPATH Injection
- XPATH Bascis
- XPATH Injection
- Out of band XPATH Injection
- Exploiting XPATH Injection
Server Side Request Forgery (SSRF) Attacks
- Server Side Request Forgery Basics
- Internal vs External SSRF
- Exploiting an SSRF Vulnerability
XML External Entity (XXE) Attacks
- XXE Basics
- Reflected XXE exploitation
- Blind XXE exploitation
- Exploiting XXE in File formats
- SSRF with XXE
Deserialization Attacks
- Deserialization attacks in Java
- Unserialization and Magic functions in PHP
- Exploiting Unserialize/ Object Injection in PHP
- Exploiting Unserialize in Node.js
- Attacking Pickle in Python
HTTP Parameter Pollution (HPP)
- Parameter Handling in Web Applications
- Parameter Precedence
- Different Parameter/Routing Schemes
- HTTP Parameter pollution and exploitation
NoSQL Injection (NoSQLi)
- NoSQL Basics
- NoSQL Injection in MongoDB
- NoSQL where Injection and exploitation
- NoSQL blind Injection
- Remote Code Injection with NoSQLi
- Exploiting NoSQLi with NoSQL Exploitation Framework
Cross Site Script Inclusion (XSSI)
- XSSI Basics
- XSSI Exploitation
Hacking JSON
- JSON Primer
- JavaScript Primer on setter
- JSON Hijacking
- JSON Hijacking Today
- Abusing JSONP to steal data
Reflected File Download (RFD)
- Reflected File Download (RFD) basics
- Crafting an RFD payload
- Exploiting with RFD
Abusing Web App Functionality
- Abusing File upload handlers
- Phishing with Open Redirects
- Abusing Data URIs for phishing
- Phishing with Tabnabbing
- Clickjacking
- JavaScript’s window.opener property
- Phishing with window.opener
Same Origin Method Execution (SOME)
- Same Origin Method Execution basics
- Revisiting Same Origin Policy (SOP)
- SOME Attack with Flash Callback
Exploiting Crypto Vulnerabilities
- Hash extension attacks
- Padding Oracle attacks
Bypassing Captcha
- Introduction to OCR
- Automated Captcha Solving
Case Study: Data Breach and Password Cracking
- Analysing Breach data to identify weakness in Crypto
- Dictionary attack with custom scripts
- Brute-forcing password with Hashcat
Writing Security Tools
- Automating Pen-tests
- Writing Custom Logic on Proxies
- Playing with HTTP Requests
- Applying Security Logic
- Creating tools to detect XSS, SQLi, RCE etc.