Booking options
£149.99
Course Images
Web Hacking Expert - Full-Stack Exploitation Mastery
By Packt
- 30 Day Money Back Guarantee
- Completion Certificate
- 24/7 Technical Support
Highlights
On-Demand course
4 hours 46 minutes
All levels
Description
This course will help you master the intermediate level of modern-day web application vulnerability attacks and apply the knowledge in your own pentesting projects. You will learn step-by-step how all these attacks work, and you will also learn how to check if your web applications are vulnerable to these attacks.
Modern web applications are complex and it's all about full-stack nowadays. That's why you need to dive into full-stack exploitation if you want to master web attacks. There is no room for classical web application hacking to exploit modern full-stack web apps and therefore, modern-day exploit methods will be showcased here. In this course, it will be shown to you how hackers can bypass Content Security Policy (CSP) which is the most powerful defensive technology in modern web applications. Then during this course, it will also be demonstrated how web applications can be hacked through PDFs, images, and links. You will also learn how hackers can steal secrets from AngularJS applications, which are very popular these days. Before concluding the course, you will understand how to exploit race conditions in web applications and how serious the consequences of this attack can be. At the end of this course, you would have gained knowledge about other powerful, full-stack attacks on modern web applications such as HTTP parameter pollution, subdomain takeover, and clickjacking.
What You Will Learn
Dive into full-stack exploitation of modern web applications
Learn how hackers can bypass Content Security Policy (CSP)
Discover how web applications can be hacked through PDFs, images, and links
Explore how hackers can steal secrets from AngularJS applications
Check if your web applications are vulnerable to race condition attacks
Learn about HTTP parameter pollution, subdomain takeover, and clickjacking
Audience
This course is ideal for all penetration testers, ethical hackers, bug hunters, and security engineers/consultants who want to enhance and refresh their knowledge of pentesting and hacking.
As a prerequisite, an individual with basic to intermediate level knowledge of hacking along with familiarity with common web application vulnerabilities will get the most out of this course. There will not be a dedicated video for installation purposes.
Approach
This is a highly practical and hands-on course on exploiting vulnerabilities of full-stack web applications. This course comes bundled with a lot of demos so that you can apply this knowledge in your own pentesting projects. The step-by-step approach along with real-world case studies will help you understand and implement the attacks easily.
Key Features
Learn from one of the top hackers at HackerOne and use tools in your own penetration testing projects * Highly practical and hands-on course filled with real-world examples wherever possible * Become a web hacking expert and explore ways how modern-day attacks work in practice
About the Author
Dawid Czagan
Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among the top hackers at HackerOne. Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of many bugs, he received numerous awards for his findings. Dawid Czagan shares his security experience in his hands-on training at key industry conferences worldwide. He is the founder and CEO of Silesia Security Lab.
Course Outline
1. Introduction to the Course
1. Introduction This video provides an overview of the course and its structure. |
2. Bypassing Content Security Policy in Modern Web Applications
1. Introduction to the Section This video introduces the section. |
2. Bypassing CSP through ajax.googleapis.com This video explains and demonstrates bypassing CSP through ajax.googleapis.com. |
3. Bypassing CSP through Flash File This video demonstrates bypassing CSP through flash file. |
4. Bypassing CSP through Polyglot File This video explains bypassing CSP through polyglot file. |
5. Bypassing CSP through AngularJS This video explains and demonstrates the bypassing of CSP through AngularJS. |
3. Hacking Web Applications through PDFs, Images, and Links
1. Introduction to the Section This video introduces the section. |
2. Token Hijacking through PDF - Part 1 This is the first of the two-part video that demonstrates token hijacking through PDF. |
3. Token Hijacking through PDF - Part 2 This is the second of the two-part video that demonstrates token hijacking through PDF. |
4. XSS through Image - Part 1 This is first of the two-part video that talks about the theoretical part as to how to attack the image. |
5. XSS through Image - Part 2 This is the second of the two-part video that demonstrates the XSS through Image. |
6. User Redirection through window.opener Tabnabbing - Part 1 This is the first of the two-part video that talks about how to attack through link. You will work on the user redirection through window.opener tabnabbing. |
7. User Redirection through window.opener Tabnabbing - Part 2 This is the second of the two-part video that talks about how to prevent from this attack. This attack is user redirection through window.opener tabnabbing. |
4. Hacking AngularJS Applications
1. Introduction to the Section This video introduces the section. |
2. AngularJS: Template Injection and $scope Hacking - Part 1 This is the first of the two-part video that talks about the theoretical part of Template Injection and $scope Hacking that uses AngularJS. |
3. AngularJS: Template Injection and $scope Hacking - Part 2 This is the second of the two-part video that demonstrates Template Injection and $scope Hacking that uses AngularJS. |
4. AngularJS: Going Beyond the $scope This video will help you go beyond the $scope in AngularJS. |
5. AngularJS: Hacking a Static Template This video explains the hacking of a static template in AngularJS. |
6. Summary - Hacking AngularJS Applications This is a summary video on hacking AngularJS applications. |
5. Exploiting Race Conditions in Web Applications
1. Introduction to the Section This video introduces the section. |
2. Exploiting Race Conditions - Case 1 (Part1) This is the first of the two-part video on exploiting race conditions for case 1. Here, you would be looking at how the hackers use multithreading conditions for stealing money from a bank. |
3. Exploiting Race Conditions - Case 1 (Part2) This is the first of the two-part video on exploiting race conditions for case 2. Here, you would be looking at how the hackers use another race conditions for stealing money from a bank. |
4. Exploiting Race Conditions - Case 2 This video explains exploiting race conditions for case 2. Here, you would be looking at how the hackers re-use one-time discount code. |
5. Case Studies of Award-Winning Race Condition Attacks This video explains some case studies of award-winning race condition attacks. |
6. Full-Stack Attacks on Modern Web Applications
1. Introduction to the Section This video introduces the section. |
2. HTTP Parameter Pollution - Part 1 This is the first of the two-part video that talks about the root cause of the problem in the browser where we can use this HTTP Parameter Pollution. |
3. HTTP Parameter Pollution - Part 2 This is the second of the two-part video that bypasses the authorization and helps you demonstrate the HTTP Parameter Pollution. |
4. Subdomain Takeover - Part 1 This is the first of the two-part video that demonstrates the subdomain takeover by attacking the subdomain. |
5. Subdomain Takeover - Part 2 This is the second of the two-part video that recaps what steps you have followed to take the control of the Subdomain. |
6. Account Takeover through Clickjacking - Part 1 This is the first of the two-part video that demonstrates the actual attack where you would take control of the account with the help of Clickjacking. |
7. Account Takeover through Clickjacking - Part 2 This is the second of the two-part video that demonstrates how to be prevented from the account takeover through Clickjacking. |
Course Content
- Web Hacking Expert - Full-Stack Exploitation Mastery
About The Provider
Packt
Birmingham
Founded in 2004 in Birmingham, UK, Packt’s mission is to help the world put software to work in new ways, through the delivery of effective learning and i...
Reviews
There are no reviews for Web Hacking Expert - Full-Stack Exploitation Mastery yet.Why not be the first one to review this course?