Advanced Web Hacking [Worth 1999$]


What Is Covered?
·        Advanced SQL Injection: From writing custom Double-Blind injection scripts to Second Order injections and Order-By injection clauses resulting in full system takeover, Advanced SQL Injection will cover all the necessary skills for mastering SQLI.
·        Command Injection: With command injection, students will be involved in creating Reverse Shells and Bind Shells which are able to bypass both filetype and filename filters. For completeness, in the ZDResearch Advanced Web Hacking Course other command injection methods are covered as well.
·        Code Injection: Going beyond the typical eval injection, code injection in “Advanced Web Hacking” covers file inclusions (LFI/RFI) and regular expression injections in addition to other types of code injection attacks.
·        Object Injection/Deserialization: This attack, extremely popular these days, is detailed thoroughly and painstakingly for students, particularly with respect to various Java applications.
·        XML XXE/XPath Injections: In this topic, the ZDResearch Advanced Web Hacking course covers injections related to the XML technology. This includes DOM and SAP parsers and XPath/XXE injections.
·        Reflective/Persistent/DOM XSS: With this skill, students will master all types of XSS. This allows students to have the skills necessary to bypass XSS blacklists and filters. An entirely new universe of different exploits applicable to XSS attacks will be covered as well.
·        CSRF: Here, students will forge requests to create new administrator accounts, gain complete access to the system, and bypass CSRF tokens in addition to other CSRF exploitation techniques.
·        HTML5 Attacks: This topic will encourage students to master HTML5-specific attacks involving Video/Audio, CORS, CWM, WebSockets, Canvas/SVG, CSP, and Drag & Drop.
·        Session Management Attacks: This topic will introduce students to session management and its potential vulnerabilities. This will allow students to accurately understand how attackers may manipulate sessions via session hijacking, session fixation, randomization attacks, etc.
·        Web Service Attacks: This skill provides students with the opportunity to master web service technologies including: REST, SOAP, WSDL, JWT, SAX, SSRF, etc. They will understand how each may be exploited to bypass access control, inject code and leak information which, taken together, results in an application being broken into.
·        Authentication & Authorization: Here, students will learn about modern authentication and authorization technologies such as RBAC, OAuth, etc. The topic covers what possible vulnerabilities exist in each of these technologies. Students will then acquire the skills necessary to exploit these vulnerabilities, bypass CAPTCHAs, gain unauthorized access to systems, and escalate their privileges to root access.
·        Code Auditing: This will provide students the opportunity to understand how code auditing works, how static and dynamic code analysis technologies operate, what SMT and SAT solvers are, what their possible limitations are, how they can be bypassed, and how they can be used to discover new zero-day vulnerabilities within the context of web applications.
·        Other Attacks: Here, students will learn about bypassing WAFs. Attacks such as Open Redirect attacks, Denial of Service attacks, HTTP manipulation attacks, and human API attacks will also be covered in-depth in this chapter.

