Welcome to this course on Practical Web Hacking. This course follows on from the Practical Bug Bounty course and takes you deeper into the world of finding and exploiting vulnerabilities in web applications. It’s recommended that you have completed the Practical Bug Bounty course, or have at least one year’s worth of experience in hacking web applications, before you take this course. In this course, you will develop a deeper understanding of how web attacks work, learn to craft custom payloads, and build a methodology for finding and exploiting more complex vulnerabilities.
The course will cover:
- How web applications work
- Authentication attacks
- Broken access control
- Server-side request forgery
- Advanced SQL injection attacks and NoSQL injection
- File inclusion
- XML External Entity Injection
- XSS and filter bypasses
- Attacking JSON Web Tokens
- Mass assignment
- Open redirects
- Race conditions
- Capstone challenge
Syllabus
- Introduction
- Authentication
- Access Control
- SSRF (Server-Side Request Forgery)
- SQL Injection
- File Inclusion
- XXE (XML External Entity Injection)
- XSS / JavaScript Injection
- JWTs (JSON Web Tokens)
- Mass Assignment
- WebSockets
- Open Redirects
- Race Conditions
- Capstone Challenge