The days of porous network perimeters are fading fast as services become more resilient and harder to exploit. In order to penetrate today's modern networks, a new approach is required. In order to gain that initial critical foothold in a network, penetration testers must be fluent in the art of exploiting front-facing web applications. Offensive Security's Advanced Web Attacks and Exploitation course will take you far beyond the simple basics of SQL injection and bring you deep into the realm of web application penetration testing.
From mind-bending XSS attacks, to exploiting CSRF vulnerabilities, to advanced SQL injection attacks, Advanced Web Attacks and Exploitation will broaden your knowledge of web application hacking and help you identify and circumvent various protection mechanisms in use on the web today.
This intensive, hands-on course will take your skills beyond run-of-the-mill SQL injection or mediocre file inclusion attacks and propel you into a world of brain-melting SQL queries, mind-blowing XSS and remote code execution attacks, and more - leaving you gasping in disbelief.
This course includes complex hands-on labs throughout the training. All students will be provided with pre-configured VMware images which include both instructional and real world web vulnerabilities. These vulnerable web applications are analyzed and exploited for the duration of the course.
Advanced Web Attacks and Exploitation is NOT an entry level course. The pace of learning is fast and furious - students are expected to have a solid understanding of how to perform basic web application attacks, at a minimum. This class is aimed at penetration testers and security auditors who need to take their web application penetration testing skills to a new level.
It is assumed that the student already has a medium understanding of the underlying protocols and technologies involved in testing web applications such as the HTTP protocol, SSL communications, and the usage of various browser plugins and proxies. A basic familiarity with web based programming languages such as php, javascript and mysql will also prove helpful.
Four days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.
Mati Aharoni is the lead BackTrack Developer, and founder of Offensive Security. With over 10 years of experience as a professional penetration tester, Mati has uncovered several major security flaws and is actively involved in the offensive security arena.